← Back to home
ICSA-26-134-14  ·  Published 2026-05-14  ·  View on CISA ICS-CERT ↗

Siemens SENTRON 7KT PAC1261 Data Manager

CVSS 9.1 CRITICAL

Risk Summary

The web server in SENTRON 7KT PAC1261 Data Manager Before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to gain administrative control over the device. Siemens has released a new version for SENTRON 7KT PAC1261 Data Manager and recommends to update to the latest version.

CVEs (1)

Remediations

  • Use encrypted protocols
  • Update to V2.1.0 or later version

Affected Vendors

Siemens

Affected Products (1)

Siemens · SENTRON 7KT PAC1261 Data Manager vers:intdot/<2.1.0

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more