CVE-2024-41796

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-620
View all →

Vulnerability Description

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value.

Related Vulnerabilities

CVE-2021-22773

MEDIUM
CVSS:6.5(Medium)

A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1...

CWE-6202021

CVE-2023-4465

MEDIUM
CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300...

CWE-6202023

CVE-2024-51493

MEDIUM
CVSS:6.5(Medium)

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary cont...

CWE-6202024

CVE-2023-25931

MEDIUM
CVSS:6.8(Medium)

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updatin...

CWE-6202023

CVE-2021-34785

HIGH
CVSS:7.2(High)

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected s...

CWE-6202021

CVE-2022-21935

HIGH
CVSS:7.5(High)

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

CWE-6202022