2025-04-08 10:04:27 +00:00
{
"id" : "CVE-2024-41788" ,
"sourceIdentifier" : "productcert@siemens.com" ,
"published" : "2025-04-08T09:15:17.820" ,
2025-04-08 20:03:57 +00:00
"lastModified" : "2025-04-08T18:13:53.347" ,
"vulnStatus" : "Awaiting Analysis" ,
2025-04-08 10:04:27 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
2025-04-13 02:04:23 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se ha identificado una vulnerabilidad en el gestor de datos SENTRON 7KT PAC1260 (todas las versiones). La interfaz web de los dispositivos afectados no depura los par\u00e1metros de entrada en solicitudes GET espec\u00edficas. Esto podr\u00eda permitir que un atacante remoto autenticado ejecute c\u00f3digo arbitrario con privilegios de root."
2025-04-08 10:04:27 +00:00
}
] ,
"metrics" : {
"cvssMetricV40" : [
{
"source" : "productcert@siemens.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "4.0" ,
"vectorString" : "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" ,
"baseScore" : 9.4 ,
"baseSeverity" : "CRITICAL" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"attackRequirements" : "NONE" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"vulnConfidentialityImpact" : "HIGH" ,
"vulnIntegrityImpact" : "HIGH" ,
"vulnAvailabilityImpact" : "HIGH" ,
"subConfidentialityImpact" : "HIGH" ,
"subIntegrityImpact" : "HIGH" ,
"subAvailabilityImpact" : "HIGH" ,
"exploitMaturity" : "NOT_DEFINED" ,
"confidentialityRequirement" : "NOT_DEFINED" ,
"integrityRequirement" : "NOT_DEFINED" ,
"availabilityRequirement" : "NOT_DEFINED" ,
"modifiedAttackVector" : "NOT_DEFINED" ,
"modifiedAttackComplexity" : "NOT_DEFINED" ,
"modifiedAttackRequirements" : "NOT_DEFINED" ,
"modifiedPrivilegesRequired" : "NOT_DEFINED" ,
"modifiedUserInteraction" : "NOT_DEFINED" ,
"modifiedVulnConfidentialityImpact" : "NOT_DEFINED" ,
"modifiedVulnIntegrityImpact" : "NOT_DEFINED" ,
"modifiedVulnAvailabilityImpact" : "NOT_DEFINED" ,
"modifiedSubConfidentialityImpact" : "NOT_DEFINED" ,
"modifiedSubIntegrityImpact" : "NOT_DEFINED" ,
"modifiedSubAvailabilityImpact" : "NOT_DEFINED" ,
"Safety" : "NOT_DEFINED" ,
"Automatable" : "NOT_DEFINED" ,
"Recovery" : "NOT_DEFINED" ,
"valueDensity" : "NOT_DEFINED" ,
"vulnerabilityResponseEffort" : "NOT_DEFINED" ,
"providerUrgency" : "NOT_DEFINED"
}
}
] ,
"cvssMetricV31" : [
{
"source" : "productcert@siemens.com" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" ,
"baseScore" : 9.1 ,
"baseSeverity" : "CRITICAL" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 2.3 ,
"impactScore" : 6.0
}
]
} ,
"weaknesses" : [
{
"source" : "productcert@siemens.com" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-78"
}
]
}
] ,
"references" : [
{
"url" : "https://cert-portal.siemens.com/productcert/html/ssa-187636.html" ,
"source" : "productcert@siemens.com"
}
]
}
