Buffer overflow in Siemens products - CVE-2024-22041
Published: March 13, 2024
Vulnerability identifier: #VU87492
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-22041
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
Cerberus PRO EN Engineering Tool
Sinteso FS20 EN Engineering Tool
Sinteso Mobile
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Cerberus PRO EN Engineering Tool
Sinteso FS20 EN Engineering Tool
Sinteso Mobile
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the network communication library when parsing X.509 certificates. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
How to mitigate CVE-2024-22041
Install updates from vendor's website.