Siemens SENTRON 7KT PAC1260 Data Manager

Act Now10ICS-CERT ICSA-25-100-06Apr 8, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SENTRON 7KT PAC1260 Data Manager contains multiple vulnerabilities including: command injection (CWE-78), missing authentication (CWE-306), path traversal (CWE-22), hardcoded credentials (CWE-798), cross-site request forgery (CWE-352), and improper restriction of rendered UI layers (CWE-620). The device is affected across all firmware versions. No software patches will be provided by Siemens for this product line.

What this means

What could happen

An attacker with network access to the Data Manager could execute arbitrary commands, gain unauthorized access, access sensitive configuration files, or manipulate power monitoring and data logging functions critical to utility operations. Physical process control could be compromised through modification of monitoring parameters or data falsification.

Who's at risk

Municipal electric utilities and water authorities operating SENTRON 7KT PAC1260 Data Managers for power distribution monitoring and load profile management. This device is critical for electrical substation monitoring, demand response, and power quality assessment in utility operations.

How it could be exploited

An attacker on the network containing the Data Manager can directly access the device without authentication, inject operating system commands that execute with device privileges, use hardcoded credentials to gain access, traverse the file system to extract configuration or firmware, or perform actions via cross-site request forgery if accessed through a web interface. The low attack complexity (CVSS AC:L) and network-accessible attack vector mean no special tools or knowledge are required.

Prerequisites

Network connectivity to the SENTRON 7KT PAC1260 Data Manager
Device on a reachable network segment (no authentication required due to CWE-306)
Access to web interface or command interface ports (default configuration assumed)

Remotely exploitableNo authentication requiredLow attack complexityNo patch available (end-of-life product)Multiple vulnerability typesAffects critical infrastructure monitoring

Exploitability

Moderate exploit probability (EPSS 1.0%)

Affected products (1)

ProductAffected VersionsFix Status

SENTRON 7KT PAC1260 Data ManagerAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDImplement network access controls (firewall rules, network segmentation) to restrict access to the Data Manager to authorized workstations and engineering networks only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXReplace the SENTRON 7KT PAC1260 Data Manager with the newer SENTRON 7KT PAC1261 Data Manager

HOTFIXUpdate the replacement SENTRON 7KT PAC1261 Data Manager to the latest available firmware version

Mitigations - no patch available

0/1

SENTRON 7KT PAC1260 Data Manager has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGFollow Siemens' operational guidelines for Industrial Security and implement device hardening per product manual recommendations

CVEs (9)

CVE-2024-41788 CVE-2024-41789 CVE-2024-41790 CVE-2024-41791 CVE-2024-41792 CVE-2024-41793 CVE-2024-41794 CVE-2024-41795 CVE-2024-41796

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/38a4eab5-7f3f-4932-9796-a4ca97203e17