Buffer overflow in Siemens products - CVE-2024-22039
Published: March 13, 2024
Vulnerability identifier: #VU87488
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-22039
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cerberus PRO EN Engineering Tool
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Engineering Tool
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Sinteso Mobile
Cerberus PRO EN Engineering Tool
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Engineering Tool
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Sinteso Mobile
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the network communication library. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.