PatchSiren cyber security CVE debrief
CVE-2024-41796 Siemens CVE debrief
CVE-2024-41796 affects Siemens SENTRON 7KT PAC1260 Data Manager web interfaces and is publicly documented in the 2025-04-08 CISA/Siemens advisory set. The issue is not a standalone password reset bypass by itself in the advisory’s framing; rather, it becomes dangerous when combined with a prepared CSRF attack (CVE-2024-41795), which can allow an unauthenticated attacker to set the login password to an attacker-controlled value.
- Vendor
- Siemens
- Product
- SENTRON 7KT PAC1260 Data Manager
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-08
- Original CVE updated
- 2025-04-08
- Advisory published
- 2025-04-08
- Advisory updated
- 2025-04-08
Who should care
OT/ICS operators, Siemens SENTRON 7KT PAC1260 Data Manager administrators, and defenders responsible for the device’s web management interface should care most. The risk is highest for teams that rely on browser-based admin sessions and cannot tightly control user interaction during management tasks.
Technical summary
The advisory states that the affected device web interface allows the login password to be changed without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795), this can let an unauthenticated attacker force a password change to a value they control. Siemens/CISA assign CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, reflecting network reachability, required user interaction, and high integrity impact with no confidentiality or availability impact indicated.
Defensive priority
Medium. Treat as higher urgency if administrators use the web interface from general browsing sessions or if the management surface is difficult to isolate, because successful chaining can lead to account takeover through password replacement.
Recommended defensive actions
- Follow the Siemens/CISA advisory guidance for this product and monitor for any later vendor update, noting that the source advisory currently says no fix is planned.
- Do not access links from untrusted sources while logged in to affected devices; log out of the management interface before browsing external content.
- Restrict access to the device web interface to trusted administrative workflows and apply general ICS defensive practices referenced by CISA.
- Review administrative accounts and credentials for unexpected password changes, and investigate any suspicious login or configuration activity.
- Track CVE-2024-41795 as a prerequisite part of the attack chain, since the password-change issue is described as dangerous in combination with that CSRF flaw.
Evidence notes
The supplied CISA CSAF source (ICSA-25-100-06) and Siemens references identify Siemens SENTRON 7KT PAC1260 Data Manager as the affected product and repeat the same vulnerability description. The advisory was published and modified on 2025-04-08. The remediation section in the source says no fix is currently planned and explicitly advises not to access links from untrusted sources while logged in at affected devices.
Official resources
-
CVE-2024-41796 CVE record
CVE.org
-
CVE-2024-41796 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA and Siemens on 2025-04-08. The advisory states that no fix is currently planned.