CVE-2024-41793

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-187636.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:7kt_pac1260_data_manager_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7kt_pac1260_data_manager:-:*:*:*:*:*:*:*

History

23 Sep 2025, 16:20

Type	Values Removed	Values Added
First Time		Siemens Siemens 7kt Pac1260 Data Manager Firmware Siemens 7kt Pac1260 Data Manager
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-187636.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-187636.html - Vendor Advisory
CPE		cpe:2.3:o:siemens:7kt_pac1260_data_manager_firmware:::::::: cpe:2.3:h:siemens:7kt_pac1260_data_manager:-:::::::*

08 Apr 2025, 18:13

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en SENTRON 7KT PAC1260 Data Manager (todas las versiones). La interfaz web de los dispositivos afectados proporciona un endpoint que permite habilitar el servicio SSH sin autenticación. Esto podría permitir que un atacante remoto no autenticado acceda al dispositivo mediante SSH.

08 Apr 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 09:15

Updated : 2025-09-23 16:20

NVD link : CVE-2024-41793

Mitre link : CVE-2024-41793

CVE.ORG link : CVE-2024-41793

JSON object : View

Products Affected

siemens

7kt_pac1260_data_manager
7kt_pac1260_data_manager_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-41793", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-08T09:15:19.563", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-187636.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SENTRON 7KT PAC1260 Data Manager (todas las versiones). La interfaz web de los dispositivos afectados proporciona un endpoint que permite habilitar el servicio SSH sin autenticaci\u00f3n. Esto podr\u00eda permitir que un atacante remoto no autenticado acceda al dispositivo mediante SSH."}], "lastModified": "2025-09-23T16:20:08.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:7kt_pac1260_data_manager_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E6C441C-751B-4D8B-967B-8237E181F21A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:7kt_pac1260_data_manager:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "129B89C3-6730-47B7-9D07-41116E8230A0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}