Siemens

7kt Pac1260 Data Manager Firmware

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-41796

  • EPSS 0.09%
  • Veröffentlicht 08.04.2025 08:22:14
  • Zuletzt bearbeitet 23.09.2025 16:02:23

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-20...

6.5

CVE-2024-41795

  • EPSS 0.02%
  • Veröffentlicht 08.04.2025 08:22:12
  • Zuletzt bearbeitet 23.09.2025 16:06:17

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary...

9.8

CVE-2024-41794

Medienbericht
  • EPSS 0.08%
  • Veröffentlicht 08.04.2025 08:22:11
  • Zuletzt bearbeitet 23.09.2025 16:13:18

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote atta...

7.5

CVE-2024-41793

  • EPSS 0.06%
  • Veröffentlicht 08.04.2025 08:22:09
  • Zuletzt bearbeitet 23.09.2025 16:20:08

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remot...

7.5

CVE-2024-41792

  • EPSS 0.13%
  • Veröffentlicht 08.04.2025 08:22:08
  • Zuletzt bearbeitet 23.09.2025 16:21:32

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the de...

6.5

CVE-2024-41791

  • EPSS 0.04%
  • Veröffentlicht 08.04.2025 08:22:05
  • Zuletzt bearbeitet 23.09.2025 16:23:13

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log...

7.2

CVE-2024-41790

Medienbericht
  • EPSS 0.17%
  • Veröffentlicht 08.04.2025 08:22:04
  • Zuletzt bearbeitet 23.09.2025 16:35:14

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execu...

7.2

CVE-2024-41789

Medienbericht
  • EPSS 0.17%
  • Veröffentlicht 08.04.2025 08:22:02
  • Zuletzt bearbeitet 23.09.2025 16:37:39

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to exe...

7.2

CVE-2024-41788

Medienbericht
  • EPSS 0.17%
  • Veröffentlicht 08.04.2025 08:22:00
  • Zuletzt bearbeitet 23.09.2025 16:38:22

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execut...