CVE-2024-22039
Published: 2024-03-12
Priority: P264, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.81% (52.4th percentile)
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | cerberus_pro_en_engineering_tool | < IP8 | IP8 |
| siemens | cerberus_pro_en_engineering_tool | < ip8 | ip8 |
| siemens | cerberus_pro_en_fire_panel_fc72x | < ip8 | ip8 |
| siemens | cerberus_pro_en_fire_panel_fc72x_ip6 | < IP6 SR3 | IP6 SR3 |
| siemens | cerberus_pro_en_fire_panel_fc72x_ip7 | < IP7 SR5 | IP7 SR5 |
| siemens | cerberus_pro_en_x200_cloud_distribution | < 4.0.5016 | 4.0.5016 |
| siemens | cerberus_pro_en_x200_cloud_distribution_ip7 | < V3.0.6602 | V3.0.6602 |
| siemens | cerberus_pro_en_x200_cloud_distribution_ip8 | < V4.0.5016 | V4.0.5016 |
| siemens | cerberus_pro_en_x300_cloud_distribution | < 4.2.5015 | 4.2.5015 |
| siemens | cerberus_pro_en_x300_cloud_distribution_ip7 | < V3.2.6601 | V3.2.6601 |
| siemens | cerberus_pro_en_x300_cloud_distribution_ip8 | < V4.2.5015 | V4.2.5015 |
| siemens | cerberus_pro_ul_compact_panel_fc922_924 | < MP4 | MP4 |
| siemens | cerberus_pro_ul_engineering_tool | < MP4 | MP4 |
| siemens | cerberus_pro_ul_x300_cloud_distribution | < V4.3.0001 | V4.3.0001 |
| siemens | desigo_fire_safety_ul_compact_panel_fc2025_2050 | < MP4 | MP4 |
| siemens | desigo_fire_safety_ul_engineering_tool | < MP4 | MP4 |
| siemens | desigo_fire_safety_ul_x300_cloud_distribution | < V4.3.0001 | V4.3.0001 |
| siemens | sinteso_fs20_en_engineering_tool | < MP8 | MP8 |
| siemens | sinteso_fs20_en_engineering_tool | < mp8 | mp8 |
| siemens | sinteso_fs20_en_fire_panel_fc20 | < mp8 | mp8 |
| siemens | sinteso_fs20_en_fire_panel_fc20_mp6 | < MP6 SR3 | MP6 SR3 |
| siemens | sinteso_fs20_en_fire_panel_fc20_mp7 | < MP7 SR5 | MP7 SR5 |
| siemens | sinteso_fs20_en_x200_cloud_distribution | < 4.0.5016 | 4.0.5016 |
| siemens | sinteso_fs20_en_x200_cloud_distribution_mp7 | < V3.0.6602 | V3.0.6602 |
| siemens | sinteso_fs20_en_x200_cloud_distribution_mp8 | < V4.0.5016 | V4.0.5016 |
Detection & IOCs (extracted from sources)
- The vulnerability is a stack-based buffer overflow triggered by malformed X.509 certificate attributes sent over the network communication library. Detect anomalously large or malformed X.509 certificate attribute fields in TLS/network handshakes targeting affected Siemens fire panel systems.
- For Engineering Tool variants, exploitation requires an on-path (MitM) attacker intercepting communications within the fire system network. Monitor for unexpected certificate issuers or anomalous TLS sessions on the fire system network segment.
- Successful exploitation of CVE-2024-22039 results in unauthenticated remote code execution with root privileges on the underlying OS. Alert on unexpected outbound connections or process spawning from fire panel network services.
- The attack vector is network-based with no authentication or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Prioritize monitoring of network-accessible fire panel services for exploitation attempts.
- For Sinteso Mobile, CVE-2024-22039 exploitation is limited to the app context (not the underlying OS), and requires an on-path attacker intercepting app communications in the fire system network.
- No known public exploitation of CVE-2024-22039 has been reported at the time of advisory publication.
- For Engineering Tool products (Cerberus PRO EN and Sinteso FS20 EN), no fix was available at time of initial advisory for companion CVEs (CVE-2024-22040, CVE-2024-22041), though CVE-2024-22039 is addressed by updating to IP8/MP8 or later.
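The attribute-length check suggested in the first item above, as an added example (not code from Siemens, CISA or this page's sources): a pure-Python DER walker that reports name attributes whose encoded value exceeds the RFC 5280 upper bound and raises on malformed lengths. The OID table, the thresholds and the sample names are assumptions; the advisory does not say which attributes are affected.

```python
# Added example, not vendor code. Limits are RFC 5280 upper bounds applied to encoded
# byte length; the advisory does not name the affected attributes (assumption).
LIMITS = {bytes.fromhex("550403"): 64,   # commonName
          bytes.fromhex("55040a"): 64,   # organizationName
          bytes.fromhex("55040b"): 64,   # organizationalUnitName
          bytes.fromhex("550407"): 128}  # localityName

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end); raise ValueError on malformed DER."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("declared length exceeds enclosing element")
    return tag, pos, pos + length

def oversized_attributes(der, start=0, end=None):
    """Return [(oid_hex, value_len, limit)] for name attributes longer than LIMITS."""
    end = len(der) if end is None else end
    findings, pos = [], start
    while pos < end:
        tag, vs, ve = read_tlv(der, pos, end)
        if tag == 0x30 and vs < ve and der[vs] == 0x06:  # SEQUENCE { OID, value }
            _, oid_s, oid_e = read_tlv(der, vs, ve)
            if oid_e < ve:
                _, val_s, val_e = read_tlv(der, oid_e, ve)
                limit = LIMITS.get(der[oid_s:oid_e])
                if limit is not None and val_e - val_s > limit:
                    findings.append((der[oid_s:oid_e].hex(), val_e - val_s, limit))
        elif tag & 0x20:  # any other constructed element: descend
            findings += oversized_attributes(der, vs, ve)
        pos = ve
    return findings

def tlv(tag, value):  # minimal DER encoder, used only to build the constructed samples
    n = len(value)
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(b)]) + b) + value

def sample_name(cn):  # constructed X.501 Name with one commonName (UTF8String)
    atv = tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, cn))
    return tlv(0x30, tlv(0x31, atv))
```

Feed it the DER certificate bytes carved from a captured handshake on the fire system segment; a `ValueError` is a malformed-certificate finding in its own right.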
CISA ICS · 2024-05-16 · CVSS 10.0 · [CRITICAL]
## Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems
ICS Advisory
Release Date: May 16, 2024
Alert Code: ICSA-24-137-12
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Cerberus PRO UL and Desigo Fire Safety UL
- Vulnerabilities: Classic Buffer Overflow, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffe
CISA ICS · 2024-03-14
## Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
ICS Advisory
Release Date: March 14, 2024
Alert Code: ICSA-24-074-09
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Sinteso EN, Cerberus PRO EN Fire Protection Systems
- Vulnerabilities: Classic Buffer Overflow, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer
GHSA · ghsa_unreviewed · 2024-03-12
CVE-2024-22039 [CRITICAL] CWE-120 GHSA-p429-8j49-f6x5
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-03-12