Siemens SENTRON 7KT PAC1260 Data Manager Arbitrary Code Execution Vulnerability
Vulnerability
All versions of the SENTRON 7KT PAC1260 Data Manager are affected by a vulnerability in the web interface, which fails to properly sanitize input parameters in certain GET requests. An authenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges on the affected device.
Impact
Exploitation of this vulnerability allows for arbitrary code execution with root privileges on the affected device.
Remediation
Siemens no longer provides software fixes for the SENTRON 7KT PAC1260 Data Manager. Users are advised to replace the device with the SENTRON 7KT PAC1261 Data Manager and update to the latest available firmware version. The new model 7KT1261 is available through the Siemens Industry Mall.
