A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSiemens 7kt Pac1260 Data Manager
HWSiemenswszystkie wersjeSiemens 7kt Pac1260 Data Manager Firmware
OSSiemenswszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-41788CRITICAL9.4PL ✓ten sam produkt
Command Injection w Siemens SENTRON 7KT PAC1260 Data Manager – RCE jako root
CVE-2024-41789CRITICAL9.4PL ✓ten sam produkt
Command Injection w Siemens SENTRON 7KT PAC1260 Data Manager
CVE-2024-41790CRITICAL9.4PL ✓ten sam produkt
Command injection w Siemens SENTRON 7KT PAC1260 Data Manager — RCE jako root
CVE-2024-41792CRITICAL9.2PL ✓ten sam produkt
Path traversal w Siemens SENTRON 7KT PAC1260 Data Manager
CVE-2024-41794CRITICAL10.0PL ✓ten sam produkt
Hardcoded credentials z dostępem root w Siemens SENTRON 7KT PAC1260 Data Manager