Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41789

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

Published

2025-04-08T09:15:18.150

Last Modified

2025-09-23T16:37:39.860

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	7kt_pac1260_data_manager_firmware	*	Yes
Hardware	siemens	7kt_pac1260_data_manager	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-187636.html Vendor Advisory ([email protected])