CVE-2024-22039

2024-03-1210:21:53

CWE-120

siemens

www.cve.org

siemens products

vulnerability

remote code execution

x.509 certificate

buffer overflow

root privileges

cve-2024-22039

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO EN Engineering Tool",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "IP8",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO EN Fire Panel FC72x IP6",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "IP6 SR3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO EN Fire Panel FC72x IP7",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "IP7 SR5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO EN X200 Cloud Distribution IP7",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.0.6602",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO EN X200 Cloud Distribution IP8",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.0.5016",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO EN X300 Cloud Distribution IP7",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.2.6601",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO EN X300 Cloud Distribution IP8",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2.5015",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO UL Compact Panel FC922/924",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "MP4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO UL Engineering Tool",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "MP4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Cerberus PRO UL X300 Cloud Distribution",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.3.0001",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo Fire Safety UL Compact Panel FC2025/2050",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "MP4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo Fire Safety UL Engineering Tool",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "MP4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo Fire Safety UL X300 Cloud Distribution",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.3.0001",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso FS20 EN Engineering Tool",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "MP8",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso FS20 EN Fire Panel FC20 MP6",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "MP6 SR3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso FS20 EN Fire Panel FC20 MP7",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "MP7 SR5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso FS20 EN X200 Cloud Distribution MP7",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.0.6602",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso FS20 EN X200 Cloud Distribution MP8",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.0.5016",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso FS20 EN X300 Cloud Distribution MP7",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.2.6601",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso FS20 EN X300 Cloud Distribution MP8",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.2.5015",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Sinteso Mobile",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]