Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-22039 |
CWE-ID | CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Cerberus PRO EN Engineering Tool (Hardware solutions / Firmware)
Cerberus PRO EN Fire Panel FC72x (Hardware solutions / Firmware)
Cerberus PRO EN X200 Cloud Distribution (Hardware solutions / Firmware)
Cerberus PRO EN X300 Cloud Distribution (Hardware solutions / Firmware)
Sinteso FS20 EN Engineering Tool (Hardware solutions / Firmware)
Sinteso FS20 EN Fire Panel FC20 (Hardware solutions / Firmware)
Sinteso FS20 EN X200 Cloud Distribution (Hardware solutions / Firmware)
Sinteso FS20 EN X300 Cloud Distribution (Hardware solutions / Firmware)
Sinteso Mobile (Hardware solutions / Firmware) |
Vendor |
Security Bulletin
This security bulletin contains one high-risk vulnerability.
EUVDB-ID: #VU87488
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22039
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the network communication library. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Cerberus PRO EN Engineering Tool: before IP8
Cerberus PRO EN Fire Panel FC72x: before IP8
Cerberus PRO EN X200 Cloud Distribution: before 4.0.5016
Cerberus PRO EN X300 Cloud Distribution: before 4.2.5015
Sinteso FS20 EN Engineering Tool: before MP8
Sinteso FS20 EN Fire Panel FC20: before MP8
Sinteso FS20 EN X200 Cloud Distribution: before 4.0.5016
Sinteso FS20 EN X300 Cloud Distribution: before 4.2.5015
Sinteso Mobile: before 3.0.0
External links
http://cert-portal.siemens.com/productcert/html/ssa-225840.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.