Details of VAR-202504-0723

ID

VAR-202504-0723

CVE

CVE-2024-41794

TITLE

Siemens SENTRON 7KT PAC1260 Data Manager Trust Management Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-07816

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793). Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany. The vulnerability is caused by the existence of hard-coded credentials

Trust: 1.44

sources: NVD: CVE-2024-41794 // CNVD: CNVD-2025-07816

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07816

AFFECTED PRODUCTS

vendor:

siemens

model:

sentron 7kt pac1260 data manager

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-07816

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-41794
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-07816
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07816
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-41794
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-07816 // NVD: CVE-2024-41794

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.0

sources: NVD: CVE-2024-41794

PATCH

title:

Patch for Siemens SENTRON 7KT PAC1260 Data Manager Trust Management Issue Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/682161

Trust: 0.6

sources: CNVD: CNVD-2025-07816

EXTERNAL IDS

db:	SIEMENS	id:	SSA-187636	Trust: 1.6
db:	NVD	id:	CVE-2024-41794	Trust: 1.6
db:	CNVD	id:	CNVD-2025-07816	Trust: 0.6

sources: CNVD: CNVD-2025-07816 // NVD: CVE-2024-41794

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 1.6

sources: CNVD: CNVD-2025-07816 // NVD: CVE-2024-41794

SOURCES

db:	CNVD	id:	CNVD-2025-07816
db:	NVD	id:	CVE-2024-41794

LAST UPDATE DATE

2025-04-24T19:33:57.881000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07816	date:	2025-04-21T00:00:00
db:	NVD	id:	CVE-2024-41794	date:	2025-04-08T18:13:53.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07816	date:	2025-04-23T00:00:00
db:	NVD	id:	CVE-2024-41794	date:	2025-04-08T09:15:20.010