Memory Buffer Handling Flaw in Cerberus and Desigo Fire Safety Products by Siemens
CVE-2024-22041

7.5HIGH

Key Information:

Vendor: Siemens
Status: Cerberus Pro En Engineering Tool; Cerberus Pro En Fire Panel Fc72x Ip6; Cerberus Pro En Fire Panel Fc72x Ip7; Cerberus Pro En Fire Panel Fc72x Ip8
Vendor: CVE Published:; 12 March 2024

What is CVE-2024-22041?

A vulnerability has been detected in the network communication library of specific Siemens fire safety products, such as Cerberus and Desigo. This issue arises from improper handling of memory buffers during the processing of X.509 certificates. An unauthenticated remote attacker could exploit this flaw to cause a disruption in network services, potentially leading to system crashes. Affected versions span multiple product lines and highlights the importance of updating to the latest software releases to mitigate risks.

Affected Version(s)

Cerberus PRO EN Engineering Tool 0

Cerberus PRO EN Fire Panel FC72x IP6 0

Cerberus PRO EN Fire Panel FC72x IP7 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2258...

https://cert-portal.siemens.com/productcert/html/ssa-9537...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Jan 4, 2024