Sign-up

ID

VAR-202504-0724


CVE

CVE-2024-41788


TITLE

Siemens'  SENTRON 7KT PAC1260 Data Manager  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-028270

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens' SENTRON 7KT PAC1260 Data Manager The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 2.16

sources: NVD: CVE-2024-41788 // JVNDB: JVNDB-2024-028270 // CNVD: CNVD-2025-07808

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07808

AFFECTED PRODUCTS

vendor:siemensmodel:7kt pac1260 data managerscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope:eqversion:sentron 7kt pac1260 data manager firmware

Trust: 0.8

vendor:siemensmodel:sentron 7kt pac1260 data managerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-07808 // JVNDB: JVNDB-2024-028270 // NVD: CVE-2024-41788

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-41788
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2024-41788
value: HIGH

Trust: 1.0

NVD: CVE-2024-41788
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-07808
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-07808
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-41788
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-41788
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-41788
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-07808 // JVNDB: JVNDB-2024-028270 // NVD: CVE-2024-41788 // NVD: CVE-2024-41788

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028270 // NVD: CVE-2024-41788

PATCH

title:Patch for Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/682121

Trust: 0.6

sources: CNVD: CNVD-2025-07808

EXTERNAL IDS

db:NVDid:CVE-2024-41788

Trust: 3.2

db:SIEMENSid:SSA-187636

Trust: 2.4

db:JVNid:JVNVU90506697

Trust: 0.8

db:ICS CERTid:ICSA-25-100-06

Trust: 0.8

db:JVNDBid:JVNDB-2024-028270

Trust: 0.8

db:CNVDid:CNVD-2025-07808

Trust: 0.6

sources: CNVD: CNVD-2025-07808 // JVNDB: JVNDB-2024-028270 // NVD: CVE-2024-41788

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu90506697/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41788

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-06

Trust: 0.8

sources: CNVD: CNVD-2025-07808 // JVNDB: JVNDB-2024-028270 // NVD: CVE-2024-41788

SOURCES

db:CNVDid:CNVD-2025-07808
db:JVNDBid:JVNDB-2024-028270
db:NVDid:CVE-2024-41788

LAST UPDATE DATE

2025-10-03T23:05:30.388000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-07808date:2025-04-21T00:00:00
db:JVNDBid:JVNDB-2024-028270date:2025-09-30T08:47:00
db:NVDid:CVE-2024-41788date:2025-09-23T16:38:22.593

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-07808date:2025-04-22T00:00:00
db:JVNDBid:JVNDB-2024-028270date:2025-09-30T00:00:00
db:NVDid:CVE-2024-41788date:2025-04-08T09:15:17.820