Home

Description

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

PUBLISHED Reserved 2024-07-22 | Published 2025-04-08 | Updated 2025-04-08 | Assigner siemens




CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CRITICAL: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unknown

Any version before *
affected

References

cert-portal.siemens.com/productcert/html/ssa-187636.html

cve.org (CVE-2024-41790)

nvd.nist.gov (CVE-2024-41790)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.