#VU87492 Buffer overflow in Siemens products - CVE-2024-22041
Published: March 13, 2024
Vulnerability identifier: #VU87492
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-22041
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cerberus PRO EN Engineering Tool
Sinteso FS20 EN Engineering Tool
Sinteso Mobile
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Cerberus PRO EN Engineering Tool
Sinteso FS20 EN Engineering Tool
Sinteso Mobile
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO EN X300 Cloud Distribution
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the network communication library when parsing X.509 certificates. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
Remediation
Install updates from vendor's website.