CVE-2024-22039

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22039
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-225840.html Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-953710.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:cerberus_pro_en_engineering_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:cerberus_pro_en_fire_panel_fc72x:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:cerberus_pro_en_x200_cloud_distribution:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:cerberus_pro_en_x300_cloud_distribution:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinteso_fs20_en_engineering_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinteso_fs20_en_fire_panel_fc20:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinteso_fs20_en_x200_cloud_distribution:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinteso_fs20_en_x300_cloud_distribution:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinteso_mobile:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-03-12 11:15

Updated : 2024-05-14 16:16

NVD link : CVE-2024-22039

Mitre link : CVE-2024-22039

CVE.ORG link : CVE-2024-22039

JSON object : View

Products Affected

siemens

  • sinteso_fs20_en_fire_panel_fc20
  • sinteso_fs20_en_x200_cloud_distribution
  • cerberus_pro_en_engineering_tool
  • cerberus_pro_en_x300_cloud_distribution
  • sinteso_fs20_en_engineering_tool
  • cerberus_pro_en_x200_cloud_distribution
  • sinteso_fs20_en_x300_cloud_distribution
  • cerberus_pro_en_fire_panel_fc72x
  • sinteso_mobile
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')