CVE-2024-22039

10 CRITICAL

Key Information

Vendor
Siemens
Status
Cerberus Pro En Engineering Tool
Cerberus Pro En Fire Panel Fc72x Ip6
Cerberus Pro En Fire Panel Fc72x Ip7
Cerberus Pro En X200 Cloud Distribution Ip7
CVE Published:
12 March 2024

Badges

📰 News Worthy

Summary

CVE-2024-22039 is a critical vulnerability in Siemens' Sinteso EN and Cerberus PRO EN fire protection systems, with a high CVSS score of 10, indicating its severe impact. The vulnerability allows attackers to execute code with root privileges on the system by exploiting unchecked X.509 certificate attributes, potentially leading to crashes and hindering emergency responses. The affected products include various components within the fire protection systems, such as engineering tools and mobile apps. Siemens has released patches for some of the affected products and provided workaround procedures for others, urging organizations to implement these measures immediately. The exploitation of CVE-2024-22039 poses a significant risk, emphasizing the importance of securing specialized systems like fire protection to mitigate the potential impact on lives and property.

Affected Version(s)

Cerberus PRO EN Engineering Tool 0

Cerberus PRO EN Fire Panel FC72x IP6 0

Cerberus PRO EN Fire Panel FC72x IP7 0

News Articles

Cerberus PRO EN Archives

Vulnerability
March 12, 2024
CVE-2024-22039 (CVSS 10): Siemens Fire Protection Systems Vulnerable to Remote Attacks
A serious security alert from Siemens ProductCERT reveals that multiple products within their...

9 months ago

CVE-2024-22039 (CVSS 10): Siemens Fire Protection Systems Vulnerable to Remote Attacks

CVE-2024-22039 could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

10 months ago

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 📰

    First article discovered by securityonline.info

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database
Mitre Database
2 News Article(s)