← back
CVE-2024-41790

CVE-2024-41790

CVSS 9.4 CRITICALEPSS 0.7%CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.4EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Siemens · SENTRON 7KT PAC1260 Data Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/html/ssa-187636.html