CVE-2024-41794

Media report

EPSS 0.08%
Published 08.04.2025 08:22:11
Last modified 23.09.2025 16:13:18
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ 7kt Pac1260 Data Manager Firmware

Siemens ≫ 7kt Pac1260 Data Manager Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.246

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	10	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.heise.de/news/Root-Luecken-in-Siemens-Sentron-7KT-PAC1260-Data-Manager-bleiben-offen-10350128.html

Medienbericht

heise Security

https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-41794

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41794

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41794

EUVD