Details of VAR-202504-0721

ID

VAR-202504-0721

CVE

CVE-2024-41793

TITLE

Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-07811

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 1.44

sources: NVD: CVE-2024-41793 // CNVD: CNVD-2025-07811

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07811

AFFECTED PRODUCTS

vendor:

siemens

model:

sentron 7kt pac1260 data manager

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-07811

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-41793
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-07811
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07811
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-41793
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-07811 // NVD: CVE-2024-41793

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.0

sources: NVD: CVE-2024-41793

PATCH

title:

Patch for Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/682136

Trust: 0.6

sources: CNVD: CNVD-2025-07811

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41793	Trust: 1.6
db:	SIEMENS	id:	SSA-187636	Trust: 1.6
db:	CNVD	id:	CNVD-2025-07811	Trust: 0.6

sources: CNVD: CNVD-2025-07811 // NVD: CVE-2024-41793

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 1.6

sources: CNVD: CNVD-2025-07811 // NVD: CVE-2024-41793

SOURCES

db:	CNVD	id:	CNVD-2025-07811
db:	NVD	id:	CVE-2024-41793

LAST UPDATE DATE

2025-04-23T19:33:37.706000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07811	date:	2025-04-21T00:00:00
db:	NVD	id:	CVE-2024-41793	date:	2025-04-08T18:13:53.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07811	date:	2025-04-22T00:00:00
db:	NVD	id:	CVE-2024-41793	date:	2025-04-08T09:15:19.563