Siemens SENTRON 7KT PAC1261 Data Manager

SUMMARY The web server in SENTRON 7KT PAC1261 Data Manager Before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to gain administrative control over the device. Siemens has...

Siemens Desigo CC Product Family and SENTRON Powermanager

SUMMARY Versions V6.0 through V8 QU1 of the Desigo CC product family Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS, as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime...

CVE-2024-41796

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack CVE-2024-41795 an unauthenticated attacker could be able...

CVE-2024-41791

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the...

CVE-2024-41795

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices is vulnerable to Cross-Site Request Forgery CSRF attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device...

CVE-2024-41790

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges...

CVE-2024-41789

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges...

CVE-2024-41798

A vulnerability has been identified in SENTRON 7KM PAC3200 All versions. Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by...

CVE-2024-41794

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they ar...

EUVD-2021-23781

Malware in sbrugna...

EUVD-2024-19192

Malicious code in bioql PyPI...

EUVD-2025-10336

Malicious code in bioql PyPI...

EUVD-2025-10349

Malicious code in bioql PyPI...

EUVD-2025-10350

Malicious code in bioql PyPI...

EUVD-2025-10330

Malicious code in bioql PyPI...

EUVD-2024-19647

Malicious code in bioql PyPI...

EUVD-2025-10327

Malicious code in bioql PyPI...

EUVD-2025-10348

Malicious code in bioql PyPI...

EUVD-2024-39189

Malicious code in bioql PyPI...

EUVD-2025-10344

Malicious code in bioql PyPI...