CVE-2024-41793

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-306
View all →

Vulnerability Description

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.

Related Vulnerabilities

CVE-2017-1483

HIGH
CVSS:8.6(High)

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID:...

CWE-3062017

CVE-2018-17924

HIGH
CVSS:8.6(High)

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon...

CWE-3062018

CVE-2019-13933

HIGH
CVSS:8.6(High)

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V...

CWE-3062019

CVE-2019-7390

HIGH
CVSS:8.6(High)

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all cli...

CWE-3062019

CVE-2019-8993

HIGH
CVSS:8.6(High)

The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMa...

CWE-3062019

CVE-2020-6235

HIGH
CVSS:8.6(High)

SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.

CWE-3062020