Details of VAR-202504-0723

ID

VAR-202504-0723

CVE

CVE-2024-41794

TITLE

Siemens' SENTRON 7KT PAC1260 Data Manager Vulnerability related to use of hardcoded credentials in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-028288

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793). Siemens' SENTRON 7KT PAC1260 Data Manager A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany. The vulnerability is caused by the existence of hard-coded credentials

Trust: 2.16

sources: NVD: CVE-2024-41794 // JVNDB: JVNDB-2024-028288 // CNVD: CNVD-2025-07816

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07816

AFFECTED PRODUCTS

vendor:	siemens	model:	7kt pac1260 data manager	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	sentron 7kt pac1260 data manager	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sentron 7kt pac1260 data manager	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sentron 7kt pac1260 data manager	scope:	eq	version:	sentron 7kt pac1260 data manager firmware	Trust: 0.8
vendor:	siemens	model:	sentron 7kt pac1260 data manager	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-07816 // JVNDB: JVNDB-2024-028288 // NVD: CVE-2024-41794

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-41794
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2024-41794
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-41794
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-07816
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07816
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-41794
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-41794
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-41794
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-07816 // JVNDB: JVNDB-2024-028288 // NVD: CVE-2024-41794 // NVD: CVE-2024-41794

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	Use hard-coded credentials (CWE-798) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-028288 // NVD: CVE-2024-41794

PATCH

title:

Patch for Siemens SENTRON 7KT PAC1260 Data Manager Trust Management Issue Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/682161

Trust: 0.6

sources: CNVD: CNVD-2025-07816

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41794	Trust: 3.2
db:	SIEMENS	id:	SSA-187636	Trust: 2.4
db:	JVN	id:	JVNVU90506697	Trust: 0.8
db:	ICS CERT	id:	ICSA-25-100-06	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-028288	Trust: 0.8
db:	CNVD	id:	CNVD-2025-07816	Trust: 0.6

sources: CNVD: CNVD-2025-07816 // JVNDB: JVNDB-2024-028288 // NVD: CVE-2024-41794

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-187636.html	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu90506697/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-41794	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-06	Trust: 0.8

sources: CNVD: CNVD-2025-07816 // JVNDB: JVNDB-2024-028288 // NVD: CVE-2024-41794

SOURCES

db:	CNVD	id:	CNVD-2025-07816
db:	JVNDB	id:	JVNDB-2024-028288
db:	NVD	id:	CVE-2024-41794

LAST UPDATE DATE

2025-10-03T21:16:58.680000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07816	date:	2025-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2024-028288	date:	2025-10-02T02:01:00
db:	NVD	id:	CVE-2024-41794	date:	2025-09-23T16:13:18.453

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07816	date:	2025-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2024-028288	date:	2025-10-02T00:00:00
db:	NVD	id:	CVE-2024-41794	date:	2025-04-08T09:15:20.010