Memory Buffer Handling Flaw in Cerberus and Desigo Fire Safety Products by Siemens
CVE-2024-22041

7.5HIGH

Key Information:

Vendor
Siemens
Status
Cerberus Pro En Engineering Tool
Cerberus Pro En Fire Panel Fc72x Ip6
Cerberus Pro En Fire Panel Fc72x Ip7
Cerberus Pro En Fire Panel Fc72x Ip8
Vendor
CVE Published:
12 March 2024

Summary

A vulnerability has been detected in the network communication library of specific Siemens fire safety products, such as Cerberus and Desigo. This issue arises from improper handling of memory buffers during the processing of X.509 certificates. An unauthenticated remote attacker could exploit this flaw to cause a disruption in network services, potentially leading to system crashes. Affected versions span multiple product lines and highlights the importance of updating to the latest software releases to mitigate risks.

Affected Version(s)

Cerberus PRO EN Engineering Tool 0

Cerberus PRO EN Fire Panel FC72x IP6 0

Cerberus PRO EN Fire Panel FC72x IP7 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2258...
https://cert-portal.siemens.com/productcert/html/ssa-9537...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.