← Back

CVE-2024-41796

nvd nist
Published: Apr 8, 2025Modified: Sep 23, 2025

JSON object

Loading...
6.9
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value.

Affected (1)

Siemens
1 product
7kt Pac1260 Data Manager Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
7kt Pac1260 Data Manager Firmware
All versions
Running on/withPlatform Versions
Siemens
7kt Pac1260 Data Manager
All versions

Related CWEs

CWE-620
Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

References (1)

Source: productcert@siemens.com
Vendor Advisory

Timeline

No history available yet.