Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-w7vx-px98-f5m7

Опубликовано: 08 апр. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 6.9
CVSS3: 6.5

Описание

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link.

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link.

Ссылки

EPSS

Процентиль: 23%
0.00079
Низкий

6.9 Medium

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2024-41795

Дефекты

CWE-352

Связанные уязвимости

nvd логотип

CVE-2024-41795

CVSS3: 6.5
nvd
10 месяцев назад

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link.

fstec логотип

BDU:2025-04274

CVSS3: 6.5
fstec
10 месяцев назад

Уязвимость компонента Data Manager микропрограммного обеспечения многофункциональных приборов измерения параметров электрических сетей Siemens SENTRON 7KT PAC1260, позволяющая нарушителю осуществить CSRF-атаку

EPSS

Процентиль: 23%
0.00079
Низкий

6.9 Medium

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2024-41795

Дефекты

CWE-352