Lucene search

China National Vulnerability DatabaseCNVD-2024-13803

HistoryMar 13, 2024 - 12:00 a.m.

Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems Out-of-Bounds Read Vulnerability

2024-03-1300:00:00

China National Vulnerability Database

www.cnvd.org.cn

siemens

sinteso en

cerberus pro en

fire protection systems

out-of-bounds read

vulnerability

network communication library

exploitation

crash

network services

european standard en 54

fire detection

alarm systems

sinteso mobile

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cerberus PRO EN is a fire protection system consisting of fire panels, detection and management stations. It is available to Siemens partners and complies with the European standard EN 54 for fire detection and alarm systems. Sinteso EN is a fire protection system consisting of fire panels, detection and management stations. It complies with the European standard EN 54 for fire detection and alarm systems. Sinteso Mobile is a mobile application for remote access to the Sinteso/Cerberus PRO EN fire protection system. An out-of-bounds read leak exists in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems due to a network communication library in the affected systems that does not adequately validate HMAC values, which could be exploited by an attacker to crash network services.

CPENameOperatorVersion
siemens sinteso fs20 en x300 cloud distribution < veq4.3.5617
siemens sinteso fs20 en x200 cloud distribution < veq4.3.5618
siemens cerberus pro en x300 cloud distribution < veq4.3.5617
siemens cerberus pro en x200 cloud distribution < veq4.3.5618

Name	Operator	Version
siemens sinteso fs20 en x300 cloud distribution < v	eq	4.3.5617
siemens sinteso fs20 en x200 cloud distribution < v	eq	4.3.5618
siemens cerberus pro en x300 cloud distribution < v	eq	4.3.5617
siemens cerberus pro en x200 cloud distribution < v	eq	4.3.5618