CVE-2024-22039

Summary

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

Affected Software

VendorProductVersion RangeStatus
SiemensCerberus PRO EN Engineering Tool0 < IP8affected
SiemensCerberus PRO EN Fire Panel FC72x IP60 < IP6 SR3affected
SiemensCerberus PRO EN Fire Panel FC72x IP70 < IP7 SR5affected
SiemensCerberus PRO EN X200 Cloud Distribution IP70 < V3.0.6602affected
SiemensCerberus PRO EN X200 Cloud Distribution IP80 < V4.0.5016affected
SiemensCerberus PRO EN X300 Cloud Distribution IP70 < V3.2.6601affected
SiemensCerberus PRO EN X300 Cloud Distribution IP80 < V4.2.5015affected
SiemensCerberus PRO UL Compact Panel FC922/9240 < MP4affected
SiemensCerberus PRO UL Engineering Tool0 < MP4affected
SiemensCerberus PRO UL X300 Cloud Distribution0 < V4.3.0001affected
SiemensDesigo Fire Safety UL Compact Panel FC2025/20500 < MP4affected
SiemensDesigo Fire Safety UL Engineering Tool0 < MP4affected
SiemensDesigo Fire Safety UL X300 Cloud Distribution0 < V4.3.0001affected
SiemensSinteso FS20 EN Engineering Tool0 < MP8affected
SiemensSinteso FS20 EN Fire Panel FC20 MP60 < MP6 SR3affected
SiemensSinteso FS20 EN Fire Panel FC20 MP70 < MP7 SR5affected
SiemensSinteso FS20 EN X200 Cloud Distribution MP70 < V3.0.6602affected
SiemensSinteso FS20 EN X200 Cloud Distribution MP80 < V4.0.5016affected
SiemensSinteso FS20 EN X300 Cloud Distribution MP70 < V3.2.6601affected
SiemensSinteso FS20 EN X300 Cloud Distribution MP80 < V4.2.5015affected
SiemensSinteso Mobile0 < V3.0.0affected

Weaknesses

  • CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References