CVE-2024-41793
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SENTRON 7KT PAC1260 Data Manager | 0 < * | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.