CVE-2024-41790: OS Command Injection
First published: Tue Apr 08 2025(Updated: )
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SENTRON 7KT PAC1260 Data Manager | <= |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-41790?
CVE-2024-41790 is rated as critical due to its potential to allow authenticated remote attackers to execute arbitrary code with root privileges.
How do I fix CVE-2024-41790?
To fix CVE-2024-41790, ensure that you implement the latest security updates provided by Siemens for the SENTRON 7KT PAC1260 Data Manager.
Who is affected by CVE-2024-41790?
All versions of the Siemens SENTRON 7KT PAC1260 Data Manager are affected by CVE-2024-41790.
What is the nature of the vulnerability in CVE-2024-41790?
CVE-2024-41790 is caused by the lack of proper sanitization of the region parameter in the web interface of the device.
Can CVE-2024-41790 be exploited without authentication?
No, CVE-2024-41790 requires an authenticated user to exploit the vulnerability and execute arbitrary code.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- vendor/siemens
- canonical/sentron 7kt pac1260 data manager