CVE-2024-41794: A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote...
Description
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).
Classification
CVE ID: CVE-2024-41794
CVSS Base Severity: CRITICAL
CVSS Base Score: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Problem Types
CWE-798: Use of Hard-coded CredentialsAffected Products
Vendor: Siemens
Product: SENTRON 7KT PAC1260 Data Manager
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.11% (probability of being exploited)
EPSS Percentile: 30.93% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-41794https://cert-portal.siemens.com/productcert/html/ssa-187636.html