CVE-2024-41791
First published: Tue Apr 08 2025(Updated: )
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SENTRON 7KT PAC1260 Data Manager | <=All versions |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-41791?
CVE-2024-41791 has a medium severity rating due to its potential for unauthorized access and manipulation of device functions.
How do I fix CVE-2024-41791?
To fix CVE-2024-41791, ensure that your SENTRON 7KT PAC1260 Data Manager is updated to a version that includes authentication mechanisms for report creation.
What are the risks associated with CVE-2024-41791?
The risks associated with CVE-2024-41791 include unauthorized log access, system resets, and potential device reconfiguration by attackers.
Can CVE-2024-41791 be exploited remotely?
Yes, CVE-2024-41791 can be exploited remotely by an unauthenticated attacker due to lack of authentication on report creation requests.
Which devices are affected by CVE-2024-41791?
All versions of the Siemens SENTRON 7KT PAC1260 Data Manager are affected by CVE-2024-41791.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- vendor/siemens
- canonical/sentron 7kt pac1260 data manager