CVE-2024-22039: Buffer Overflow
First published: Tue Mar 12 2024(Updated: )
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Cerberus Pro En Engineering Tool | <ip8 | |
| Siemens Cerberus Pro En Fire Panel Fc72x | <ip8 | |
| Siemens Cerberus Pro En X200 Cloud Distribution | <4.0.5016 | |
| Siemens Cerberus Pro En X300 Cloud Distribution | <4.2.5015 | |
| Siemens Sinteso Fs20 En Engineering Tool | <mp8 | |
| Siemens Sinteso Fs20 En Fire Panel Fc20 | <mp8 | |
| Siemens Sinteso Fs20 En X200 Cloud Distribution | <4.0.5016 | |
| Siemens Sinteso Fs20 En X300 Cloud Distribution | <4.2.5015 | |
| Siemens Sinteso Mobile | <3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens cerberus pro en engineering tool
- canonical/siemens cerberus pro en fire panel fc72x
- canonical/siemens cerberus pro en x200 cloud distribution
- canonical/siemens cerberus pro en x300 cloud distribution
- canonical/siemens sinteso fs20 en engineering tool
- canonical/siemens sinteso fs20 en fire panel fc20
- canonical/siemens sinteso fs20 en x200 cloud distribution
- canonical/siemens sinteso fs20 en x300 cloud distribution
- canonical/siemens sinteso mobile