PatchSiren

CVE-2024-41794 Siemens CVE debrief

CVE-2024-41794 affects Siemens SENTRON 7KT PAC1260 Data Manager devices that contain hardcoded credentials for remote access to the device operating system with root privileges. If an attacker has those credentials and SSH is enabled, they may gain full access to the device. The advisory is rated CVSS 10.0/CRITICAL, and Siemens currently reports that no fix is planned.

Vendor: Siemens
Product: SENTRON 7KT PAC1260 Data Manager
CVSS: CRITICAL 10
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-08
Original CVE updated: 2025-04-08
Advisory published: 2025-04-08
Advisory updated: 2025-04-08

Who should care

Siemens SENTRON 7KT PAC1260 operators, OT/ICS asset owners, plant engineers, and defenders responsible for remote access control and network segmentation.

Technical summary

The source advisory states that affected devices expose hardcoded credentials usable for remote OS access as root. The attack vector is network-based and requires no user interaction. The practical impact is complete compromise of confidentiality, integrity, and availability if the credentials are known and SSH is reachable. The advisory also notes that SSH may be enabled on a device through exploitation of CVE-2024-41793, which makes the hardcoded credentials reachable.

Defensive priority

Immediate

Recommended defensive actions

  • Inventory all Siemens SENTRON 7KT PAC1260 Data Manager deployments and confirm whether SSH is enabled.
  • Restrict SSH to trusted management networks only; block it from untrusted or flat networks.
  • Strengthen OT network segmentation and remove direct exposure of the device to the internet or other nonessential networks.
  • Review whether any deployments could have used the hardcoded access path and treat exposed systems as high risk.
  • Monitor Siemens and CISA advisories for updates; Siemens currently lists no fix planned, so rely on compensating controls.

Evidence notes

This debrief is based only on the supplied CISA CSAF source and linked official references. The source published on 2025-04-08 describes hardcoded credentials for remote OS access with root privileges, states that full device access may result if the credentials are known and SSH is enabled, and lists no planned fix for the affected product. The CVSS vector provided is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Official resources

Publicly disclosed on 2025-04-08 in CISA advisory ICSA-25-100-06 and Siemens advisory SSA-187636.