PatchSiren cyber security CVE debrief
CVE-2024-41791 Siemens CVE debrief
CVE-2024-41791 describes a web-interface authentication failure in Siemens SENTRON 7KT PAC1260 Data Manager. According to the CISA CSAF advisory published on 2025-04-08, affected devices do not authenticate report creation requests, which could let an unauthenticated remote attacker read or clear log files, reset the device, or set the date and time. Siemens’ advisory referenced in the source corpus states that no fix is currently planned, so defenders should focus on access restriction and compensating controls.
- Vendor
- Siemens
- Product
- SENTRON 7KT PAC1260 Data Manager
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-08
- Original CVE updated
- 2025-04-08
- Advisory published
- 2025-04-08
- Advisory updated
- 2025-04-08
Who should care
OT/ICS operators, Siemens SENTRON 7KT PAC1260 Data Manager owners, plant engineers, and network/security teams responsible for industrial device management interfaces.
Technical summary
The issue is an unauthenticated remote attack surface in the device’s web interface. The advisory indicates that report creation requests are not authenticated, enabling a remote attacker without credentials to read or clear logs, reset the device, or change the date/time. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, which aligns with network reachability, no required privileges, and direct impact to confidentiality, integrity, and availability.
Defensive priority
High. This is network-reachable, requires no authentication, and can affect logging, configuration, and device availability on an industrial device with no planned fix in the source advisory.
Recommended defensive actions
- Restrict access to the device web interface to trusted management hosts and networks only.
- Segment the device within OT/ICS network zones and limit lateral movement paths.
- Monitor for unexpected log clearing, device resets, or time-setting changes.
- Review whether the interface is exposed beyond administrative use and remove unnecessary exposure.
- Apply Siemens and CISA recommended industrial-control-system defensive practices as compensating controls.
- Track Siemens advisory SSA-187636 and CISA advisory ICSA-25-100-06 for any future remediation updates.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-100-06 and the Siemens advisory references embedded in the source corpus. The advisory text explicitly states that report creation requests are not authenticated and that an unauthenticated remote attacker may read or clear logs, reset the device, or set date/time. The source corpus also lists Siemens as the affected vendor/product owner and notes that no fix is currently planned. Published/modified dates in the supplied timeline are 2025-04-08.
Official resources
-
CVE-2024-41791 CVE record
CVE.org
-
CVE-2024-41791 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF ICSA-25-100-06 on 2025-04-08, with the same date reflected in the supplied timeline.