← back
CVE-2024-41793

CVE-2024-41793

CVSS 7.7 HIGHEPSS 0.5%CWE-306
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N
Affected products
Siemens · SENTRON 7KT PAC1260 Data Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/html/ssa-187636.html