{ "id": "CVE-2024-22039", "sourceIdentifier": "productcert@siemens.com", "published": "2024-03-12T11:15:48.420", "lastModified": "2024-11-21T08:55:26.327", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.\r\nThis could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en Cerberus PRO EN Engineering Tool (todas las versiones < IP8), Cerberus PRO EN Fire Panel FC72x (todas las versiones < IP8), Cerberus PRO EN X200 Cloud Distribution (todas las versiones < V4.0.5016), Cerberus PRO EN X300 Distribuci\u00f3n en la nube (todas las versiones < V4.2.5015), herramienta de ingenier\u00eda Sinteso FS20 EN (todas las versiones < MP8), central de incendios Sinteso FS20 EN FC20 (todas las versiones < MP8), distribuci\u00f3n en la nube Sinteso FS20 EN X200 (todas las versiones < V4.0.5016) , Sinteso FS20 EN X300 Cloud Distribution (todas las versiones " } ], "metrics": { "cvssMetricV31": [ { "source": "productcert@siemens.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 6.0 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "productcert@siemens.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-120" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:cerberus_pro_en_engineering_tool:*:*:*:*:*:*:*:*", "versionEndExcluding": "ip8", "matchCriteriaId": "51481F41-444E-4B78-A15F-516C7EC2F50D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:cerberus_pro_en_fire_panel_fc72x:*:*:*:*:*:*:*:*", "versionEndExcluding": "ip8", "matchCriteriaId": "7E15F412-20D3-417B-9DD7-F9861D44644B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:cerberus_pro_en_x200_cloud_distribution:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.0.5016", "matchCriteriaId": "F4595AA9-ADC3-49EE-9767-2043DBB7FEE4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:cerberus_pro_en_x300_cloud_distribution:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.2.5015", "matchCriteriaId": "C2EC2222-3208-4677-9DC0-84EF66D3C44B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinteso_fs20_en_engineering_tool:*:*:*:*:*:*:*:*", "versionEndExcluding": "mp8", "matchCriteriaId": "AD41968F-E374-41DB-9B43-551693339918" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinteso_fs20_en_fire_panel_fc20:*:*:*:*:*:*:*:*", "versionEndExcluding": "mp8", "matchCriteriaId": "82F92204-A977-48F7-9247-B283D9371CCA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinteso_fs20_en_x200_cloud_distribution:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.0.5016", "matchCriteriaId": "40675EA2-2B5A-490D-989A-2726941BDA6B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinteso_fs20_en_x300_cloud_distribution:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.2.5015", "matchCriteriaId": "BE335B38-42D4-4BB4-A549-FDEB897A56AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinteso_mobile:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.0", "matchCriteriaId": "AC5EDF20-9665-4487-AF9E-2E4FF12E7BBD" } ] } ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "source": "productcert@siemens.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html", "source": "productcert@siemens.com" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }