PatchSiren cyber security CVE debrief
CVE-2024-41790 Siemens CVE debrief
CVE-2024-41790 is a critical vulnerability in Siemens SENTRON 7KT PAC1260 Data Manager devices. The affected web interface fails to sanitize the region parameter in specific POST requests, which can let an authenticated remote attacker execute arbitrary code with root privileges.
- Vendor: Siemens
- Product: SENTRON 7KT PAC1260 Data Manager
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-08
- Original CVE updated: 2025-04-08
- Advisory published: 2025-04-08
- Advisory updated: 2025-04-08
Who should care
OT/ICS operators, Siemens SENTRON 7KT PAC1260 Data Manager owners, plant security teams, vulnerability management teams, and incident responders should treat this as a high-priority issue, especially where the web interface is reachable from broader networks.
Technical summary
The advisory data describes a web-interface input handling flaw: the region parameter in specific POST requests is not sanitized. The reported impact is authenticated remote code execution with root privileges. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, and the source remediation field states that no fix is currently planned.
Defensive priority
Immediate. This is a network-reachable, high-impact issue affecting an OT/ICS product, with root-level code execution potential once an attacker has authenticated access. Prioritize exposure reduction and compensating controls where the interface cannot be removed or fully patched.
Recommended defensive actions
- Identify all deployments of Siemens SENTRON 7KT PAC1260 Data Manager and confirm whether the web interface is exposed beyond trusted administration networks.
- Restrict access to the management interface to approved administrative hosts, VPNs, or segmented OT management zones.
- Review authenticated account use and alert on unusual or unauthorized POST activity against the device web interface.
- Follow the Siemens advisory and the CISA ICS advisory guidance referenced for this CVE, and implement compensating controls where no fix is available.
- Monitor for signs of unauthorized configuration changes, unexpected command execution, or other indicators of root-level compromise.
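One way to implement the POST-activity review recommended above, as an added example (not code from Siemens, CISA, or the source advisory). It assumes a reverse proxy or network sensor in front of the device writes requests as JSON lines with the fields shown; the admin network range and the expected format of region values are site-specific assumptions.

```python
import ipaddress
import json
import re
from urllib.parse import parse_qs

# Assumption: networks approved to administer the device web interface.
ADMIN_NETS = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: a legitimate region value is a short locale/time-zone style name.
REGION_OK = re.compile(r"[A-Za-z0-9_/+-]{1,40}")

def review(record):
    """Return the reasons a logged request to the device deserves an alert."""
    if record.get("method") != "POST":
        return []
    reasons = []
    src = ipaddress.ip_address(record["src"])
    if not any(src in net for net in ADMIN_NETS):
        reasons.append("POST from host outside approved admin networks")
    # Decode the form body the way a server would before checking the value.
    params = parse_qs(record.get("body", ""), keep_blank_values=True)
    for value in params.get("region", []):
        if not REGION_OK.fullmatch(value):
            reasons.append("region parameter outside expected format")
    return reasons

def scan(lines):
    """Review JSON-lines proxy records and collect (ts, src, user, reasons)."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        reasons = review(rec)
        if reasons:
            alerts.append((rec["ts"], rec["src"], rec.get("user"), reasons))
    return alerts

# Constructed sample records (not captured traffic); field names are assumed.
SAMPLE = [
    '{"ts": "t1", "src": "10.20.30.4", "user": "admin", "method": "POST", "body": "region=Europe%2FBerlin"}',
    '{"ts": "t2", "src": "10.20.30.5", "user": "admin", "method": "POST", "body": "region=%23%23not-a-region%23%23"}',
    '{"ts": "t3", "src": "10.99.1.5", "user": "svc", "method": "POST", "body": "name=meter1"}',
    '{"ts": "t4", "src": "10.99.1.5", "user": "svc", "method": "GET", "body": ""}',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The allowlist is deliberately strict: any region value that does not match the expected format is surfaced for review instead of trying to enumerate bad inputs.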
Evidence notes
All core facts in this debrief come from the supplied CISA CSAF advisory item and its linked Siemens/CISA references: the affected product is Siemens SENTRON 7KT PAC1260 Data Manager, the flaw is unsanitized region parameter handling in specific POST requests, the impact is authenticated remote code execution with root privileges, and the remediation field states that no fix is planned. The published and modified dates provided for the CVE and source item are both 2025-04-08, which is the date used here for timing context.
Official resources
- CVE-2024-41790 CVE record (CVE.org)
- CVE-2024-41790 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CVE published and source advisory published/modified on 2025-04-08. This debrief uses that advisory date as the disclosure context and does not infer any earlier issue date.