PatchSiren cyber security CVE debrief
CVE-2024-41793 Siemens CVE debrief
CVE-2024-41793 affects Siemens SENTRON 7KT PAC1260 Data Manager devices. According to the CISA CSAF advisory, the web interface exposes an endpoint that can enable SSH service without authentication, allowing a remote attacker to turn on remote access to the device. The advisory rates the issue HIGH with a CVSS v3.1 score of 8.6, and states that no fix is currently planned. Because the issue is network reachable and requires no authentication, organizations should treat exposed instances as a high-priority OT/ICS exposure and rely on compensating controls until vendor guidance changes.
- Vendor
- Siemens
- Product
- SENTRON 7KT PAC1260 Data Manager
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-08
- Original CVE updated
- 2025-04-08
- Advisory published
- 2025-04-08
- Advisory updated
- 2025-04-08
Who should care
Siemens SENTRON 7KT PAC1260 Data Manager operators, industrial control system administrators, OT security teams, network defenders, and anyone exposing the device’s web interface or SSH service to untrusted networks should review this issue immediately.
Technical summary
The advisory describes an unauthenticated endpoint in the device web interface that can enable SSH. An attacker does not need credentials to invoke the function, and the result is remote access over SSH to the device. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N, which reflects network reachability, no privileges required, and high integrity impact. The source material does not describe additional payloads, persistence steps, or follow-on actions beyond enabling SSH.
Defensive priority
High. This is a remotely reachable, unauthenticated control-path issue affecting an industrial device, and the source advisory indicates no fix is planned. Focus on exposure reduction and compensating controls now.
Recommended defensive actions
- Identify all Siemens SENTRON 7KT PAC1260 Data Manager deployments and confirm whether the web interface is reachable from untrusted networks.
- Restrict access to the device management interface using network segmentation, ACLs, jump hosts, or management-only networks.
- Review whether SSH is enabled unexpectedly on affected devices and monitor for configuration changes that turn it on.
- Apply CISA and Siemens industrial control system defensive guidance referenced in the advisory, especially defense-in-depth and recommended-practices documents.
- Minimize or remove external exposure of OT management interfaces and ensure only authorized administrators can reach them.
- Increase monitoring for unexpected remote administration activity and configuration changes on affected devices.
- Track vendor advisories for any future remediation updates, since the source advisory states no fix is currently planned.
Evidence notes
The source corpus is a CISA CSAF advisory for Siemens SENTRON 7KT PAC1260 Data Manager (ICSA-25-100-06), published 2025-04-08, describing an unauthenticated web-interface endpoint that can enable SSH and allow remote access. The advisory lists CVSS v3.1 8.6 / HIGH with vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N, and the remediation section states that no fix is planned. Related official references include the Siemens ProductCERT advisory and the CISA ICS advisory page.
Official resources
-
CVE-2024-41793 CVE record
CVE.org
-
CVE-2024-41793 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory and source CSAF on 2025-04-08. The supplied timeline shows the same date for publication and modification, and the advisory states that no fix is currently planned.