Lucene search

China National Vulnerability DatabaseCNVD-2024-13804

HistoryMar 13, 2024 - 12:00 a.m.

Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems Buffer Overflow Vulnerability

2024-03-1300:00:00

China National Vulnerability Database

www.cnvd.org.cn

siemens

sinteso en

cerberus pro en

fire protection

buffer overflow

vulnerability

network communication

x.509 certificates

attack

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cerberus PRO EN is a fire protection system consisting of fire panels, detection and management stations. It is available to Siemens partners and complies with the European standard EN 54 for fire detection and alarm systems. Sinteso EN is a fire protection system consisting of fire panels, detection and management stations. It complies with the European standard EN 54 for fire detection and alarm systems. Sinteso Mobile is a mobile application for remote access to the Sinteso/Cerberus PRO EN fire protection system. A buffer overflow vulnerability exists in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems due to a failure of the network communication library in the affected systems to properly handle memory buffers when parsing X.509 certificates. An attacker could exploit this vulnerability to crash a network service.

CPENameOperatorVersion
siemens sinteso fs20 en x300 cloud distribution < veq4.3.5617
siemens sinteso fs20 en x200 cloud distribution < veq4.3.5618
siemens cerberus pro en x300 cloud distribution < veq4.3.5617
siemens cerberus pro en x200 cloud distribution < veq4.3.5618

Name	Operator	Version
siemens sinteso fs20 en x300 cloud distribution < v	eq	4.3.5617
siemens sinteso fs20 en x200 cloud distribution < v	eq	4.3.5618
siemens cerberus pro en x300 cloud distribution < v	eq	4.3.5617
siemens cerberus pro en x200 cloud distribution < v	eq	4.3.5618