PatchSiren cyber security CVE debrief

CVE-2024-41795 Siemens CVE debrief

CVE-2024-41795 is a medium-severity CSRF issue affecting the web interface of Siemens SENTRON 7KT PAC1260 Data Manager. According to the 2025-04-08 advisory, an unauthenticated attacker could change arbitrary device settings if a legitimate administrator is tricked into clicking a malicious link while logged in. The advisory states that no fix is currently planned and recommends avoiding untrusted links during authenticated sessions.

Vendor: Siemens
Product: SENTRON 7KT PAC1260 Data Manager
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-08
Original CVE updated: 2025-04-08
Advisory published: 2025-04-08
Advisory updated: 2025-04-08

Who should care

Administrators and security teams responsible for Siemens SENTRON 7KT PAC1260 Data Manager deployments, especially where the web interface is accessible in OT/ICS environments.

Technical summary

The advisory describes a cross-site request forgery condition in the device web interface. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating network reachability, no privileges required, user interaction required, and a high integrity impact. The practical risk is unauthorized configuration changes triggered through a malicious link presented to a logged-in administrator.

Defensive priority

Medium to elevated priority for exposed OT management interfaces: the issue requires user interaction, but it can directly alter device settings and the vendor advisory lists no planned fix.

Recommended defensive actions

  • Do not open untrusted links while authenticated to the affected device web interface.
  • Review Siemens advisory SSA-187636 and the CISA ICS advisory for vendor guidance and status updates.
  • Limit access to the management web interface to trusted administrative networks and approved users only.
  • Follow CISA ICS recommended practices and defense-in-depth guidance for industrial control systems.
  • Monitor device configuration changes for unexpected or unauthorized modifications.

Evidence notes

All statements are based on the supplied CISA CSAF advisory ICSA-25-100-06 and its referenced Siemens materials, published on 2025-04-08. The source text explicitly identifies CSRF in the web interface, the ability to change arbitrary device settings by tricking a legitimate administrator into clicking a malicious link, the affected product as Siemens SENTRON 7KT PAC1260 Data Manager, the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, and the remediation note that no fix is currently planned.

Official resources

CISA and the referenced Siemens advisory published this issue on 2025-04-08. The advisory indicates no fix is planned at the time of publication.