Siemens SENTRON 7KT PAC1260 Data Manager Language Parameter OS Command Injection Vulnerability

Vulnerability

A vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, all versions, due to the web interface failing to properly sanitize the language parameter in certain POST requests. This flaw could enable an authenticated remote attacker to execute arbitrary code with root privileges on the affected device.

Impact

Exploitation of this vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on the affected device.

Remediation

Siemens no longer provides software fixes for the SENTRON 7KT PAC1260 Data Manager. Users are advised to replace the device with the SENTRON 7KT PAC1261 Data Manager and update to the latest available firmware version. The new model 7KT1261 is available through the Siemens Industry Mall.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.