CVE-2024-41792

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the device with root privileges...

CVE-2024-41791

CVE-2024-41791 affects Siemens SENTRON 7KT PAC1260 Data Manager (all versions). The issue is an unauthenticated report-creation path in the device web interface, enabling an unauthenticated remote attacker to read or clear log files, reset the device, or modify the date/time. Connected advisories...

CVE-2024-41790

CVE-2024-41790 affects Siemens SENTRON 7KT PAC1260 Data Manager (all versions). The issue is an OS command injection stemming from improper handling of the region parameter in specific POST requests to the device’s web interface, allowing an authenticated remote attacker to execute arbitrary comm...

CVE-2024-41789

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges...

CVE-2024-41788

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges...

CVE-2024-41788

The CVE-2024-41788 entry concerns Siemens SENTRON 7KT PAC1260 Data Manager. The issue is an OS command injection in the device’s web interface caused by input parameters in specific GET requests not being sanitized, enabling an authenticated remote attacker to execute arbitrary code with root pri...

CVE-2024-41788

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges...

Siemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞

Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. The Siemens SENTRON 7KT PAC1260 Data Manager suffers from an OS command injection vulnerability that stems from not cleaning up the region parameter of a specific POST request,...

Siemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞

Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. The Siemens SENTRON 7KT PAC1260 Data Manager suffers from an OS command injection vulnerability that stems from not cleaning up the input parameter of a specific GET request, whic...

Siemens SENTRON 7KT PAC1260 Data Manager 访问控制错误漏洞

Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. An Access Control Error vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, which originates from an unauthenticated SSH service enabled endpoint, and can be...

Siemens SENTRON 7KT PAC1260 Data Manager

SUMMARY SENTRON 7KT PAC1260 Data Manager is affected by multiple vulnerabilities as listed below. Software fixes can no longer be provided for The SENTRON 7KT PAC1260 Data Manager. This advisory documents the known open vulnerabilities. To fix the vulnerabilities, Siemens recommends to replace...