ID
VAR-202504-0725
CVE
CVE-2024-41795
TITLE
Siemens' SENTRON 7KT PAC1260 Data Manager Cross-site request forgery vulnerability in firmware
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link. Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy consumption management from Siemens, Germany. Siemens SENTRON 7KT PAC1260 Data Manager has a security vulnerability that stems from the web interface of the affected device allowing the login password to be changed without knowing the current password. Combined with a prepared CSRF attack (CVE-2024-441795), an unauthenticated attacker can exploit this vulnerability to set the password to a value controlled by the attacker
Trust: 2.16
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | 7kt pac1260 data manager | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | シーメンス | model: | sentron 7kt pac1260 data manager | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sentron 7kt pac1260 data manager | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sentron 7kt pac1260 data manager | scope: | eq | version: | sentron 7kt pac1260 data manager firmware | Trust: 0.8 |
| vendor: | siemens | model: | sentron 7kt pac1260 data manager | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.0 |
| problemtype: | Cross-site request forgery (CWE-352) [ others ] | Trust: 0.8 |
PATCH
| title: | Patch for Siemens SENTRON 7KT PAC1260 Data Manager has an unspecified vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/682146 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-41795 | Trust: 3.2 |
| db: | SIEMENS | id: | SSA-187636 | Trust: 2.4 |
| db: | JVN | id: | JVNVU90506697 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-25-100-06 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2024-028287 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-07813 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-187636.html | Trust: 2.4 |
| url: | https://jvn.jp/vu/jvnvu90506697/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-41795 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-06 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-07813 |
| db: | JVNDB | id: | JVNDB-2024-028287 |
| db: | NVD | id: | CVE-2024-41795 |
LAST UPDATE DATE
2025-10-03T21:44:17.055000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-07813 | date: | 2025-04-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-028287 | date: | 2025-10-02T02:01:00 |
| db: | NVD | id: | CVE-2024-41795 | date: | 2025-09-23T16:06:17.087 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-07813 | date: | 2025-04-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-028287 | date: | 2025-10-02T00:00:00 |
| db: | NVD | id: | CVE-2024-41795 | date: | 2025-04-08T09:15:20.350 |