A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSiemens 7kt Pac1260 Data Manager
HWSiemenswszystkie wersjeSiemens 7kt Pac1260 Data Manager Firmware
OSSiemenswszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
Related vulnerabilities
CVE-2024-41789CRITICAL9.4PL ✓ten sam produkt
Command Injection w Siemens SENTRON 7KT PAC1260 Data Manager
CVE-2024-41790CRITICAL9.4PL ✓ten sam produkt
Command injection w Siemens SENTRON 7KT PAC1260 Data Manager — RCE jako root
CVE-2024-41794CRITICAL10.0PL ✓ten sam produkt
Hardcoded credentials z dostępem root w Siemens SENTRON 7KT PAC1260 Data Manager
CVE-2024-41792CRITICAL9.2PL ✓ten sam produkt
Path traversal w Siemens SENTRON 7KT PAC1260 Data Manager
CVE-2024-41793HIGH7.7ten sam produkt
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of a...