Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems Stack Buffer Overflow Vulnerability

Cerberus PRO EN is a fire protection system consisting of fire panels, detection and management stations. It is available to Siemens partners and complies with the European standard EN 54 for fire detection and alarm systems. Sinteso EN is a fire protection system consisting of fire panels, detection and management stations. It complies with the European standard EN 54 for fire detection and alarm systems. Sinteso Mobile is a mobile application for remote access to the Sinteso/Cerberus PRO EN fire protection system. A stack buffer overflow vulnerability exists in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems due to a network communication library in the affected systems that does not validate the length of certain X.509 certificate attributes, which can be exploited by an attacker to execute code with root privileges on the underlying operating system.