#VU87491 Out-of-bounds read in Siemens products - CVE-2024-22040
Published: March 13, 2024
Vulnerability identifier: #VU87491
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-22040
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cerberus PRO EN Engineering Tool
Sinteso FS20 EN Engineering Tool
Sinteso Mobile
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Cerberus PRO EN Engineering Tool
Sinteso FS20 EN Engineering Tool
Sinteso Mobile
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the network communication library. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
Remediation
Install updates from vendor's website.