Details of VAR-202504-0724

ID

VAR-202504-0724

CVE

CVE-2024-41788

TITLE

Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-07808

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 1.44

sources: NVD: CVE-2024-41788 // CNVD: CNVD-2025-07808

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07808

AFFECTED PRODUCTS

vendor:

siemens

model:

sentron 7kt pac1260 data manager

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-07808

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-41788
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-07808
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07808
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-41788
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-07808 // NVD: CVE-2024-41788

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2024-41788

PATCH

title:

Patch for Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/682121

Trust: 0.6

sources: CNVD: CNVD-2025-07808

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41788	Trust: 1.6
db:	SIEMENS	id:	SSA-187636	Trust: 1.6
db:	CNVD	id:	CNVD-2025-07808	Trust: 0.6

sources: CNVD: CNVD-2025-07808 // NVD: CVE-2024-41788

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 1.6

sources: CNVD: CNVD-2025-07808 // NVD: CVE-2024-41788

SOURCES

db:	CNVD	id:	CNVD-2025-07808
db:	NVD	id:	CVE-2024-41788

LAST UPDATE DATE

2025-04-23T19:33:37.611000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07808	date:	2025-04-21T00:00:00
db:	NVD	id:	CVE-2024-41788	date:	2025-04-08T18:13:53.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07808	date:	2025-04-22T00:00:00
db:	NVD	id:	CVE-2024-41788	date:	2025-04-08T09:15:17.820