Siemens SENTRON 7KT PAC1260 Data Manager Missing Authentication Vulnerability in Web Interface

Vulnerability

A vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, all versions, due to the web interface not authenticating report creation requests. This flaw enables an unauthenticated remote attacker to read or clear the device's log files, reset the device, or adjust the date and time settings.

Impact

Exploitation of this vulnerability allows unauthorized access to device logs, resetting of the device, and manipulation of date and time settings.

Remediation

Siemens no longer provides software fixes for the SENTRON 7KT PAC1260 Data Manager. Users are advised to replace the device with the SENTRON 7KT PAC1261 Data Manager and update to the latest firmware version. The new model is available through the Siemens Industry Mall.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.8
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.