cve/2024/CVE-2024-22039.md
2024-05-25 21:48:12 +02:00

### [CVE-2024-22039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22039)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20EN%20Engineering%20Tool&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20EN%20Fire%20Panel%20FC72x%20IP6&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20EN%20Fire%20Panel%20FC72x%20IP7&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20EN%20X200%20Cloud%20Distribution%20IP7&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20EN%20X200%20Cloud%20Distribution%20IP8&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20EN%20X300%20Cloud%20Distribution%20IP7&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20EN%20X300%20Cloud%20Distribution%20IP8&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20UL%20Compact%20Panel%20FC922%2F924&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20UL%20Engineering%20Tool&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cerberus%20PRO%20UL%20X300%20Cloud%20Distribution&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Desigo%20Fire%20Safety%20UL%20Compact%20Panel%20FC2025%2F2050&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Desigo%20Fire%20Safety%20UL%20Engineering%20Tool&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Desigo%20Fire%20Safety%20UL%20X300%20Cloud%20Distribution&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20FS20%20EN%20Engineering%20Tool&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20FS20%20EN%20Fire%20Panel%20FC20%20MP6&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20FS20%20EN%20Fire%20Panel%20FC20%20MP7&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20FS20%20EN%20X200%20Cloud%20Distribution%20MP7&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20FS20%20EN%20X200%20Cloud%20Distribution%20MP8&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20FS20%20EN%20X300%20Cloud%20Distribution%20MP7&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20FS20%20EN%20X300%20Cloud%20Distribution%20MP8&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Sinteso%20Mobile&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20IP6%20SR3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20IP7%20SR5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20IP8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20MP4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20MP6%20SR3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20MP7%20SR5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20MP8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.0.6602%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.2.6601%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.0.5016%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.2.5015%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.3.0001%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%3A%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen)
### Description
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.
### POC
#### Reference
No PoCs from references.
#### GitHub
- https://github.com/fkie-cad/nvd-json-data-feeds