CVE-2024-22041
published 2024-03-12

Priority P343 | high | 7.5 | CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.51% (39.5th percentile)

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.

Affected

23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | cerberus_pro_en_engineering_tool | < * | * |
| siemens | cerberus_pro_en_fire_panel_fc72x_ip6 | < * | * |
| siemens | cerberus_pro_en_fire_panel_fc72x_ip7 | < * | * |
| siemens | cerberus_pro_en_fire_panel_fc72x_ip8 | < IP8 SR4 | IP8 SR4 |
| siemens | cerberus_pro_en_x200_cloud_distribution_ip7 | < * | * |
| siemens | cerberus_pro_en_x200_cloud_distribution_ip8 | < V4.3.5618 | V4.3.5618 |
| siemens | cerberus_pro_en_x300_cloud_distribution_ip7 | < * | * |
| siemens | cerberus_pro_en_x300_cloud_distribution_ip8 | < V4.3.5617 | V4.3.5617 |
| siemens | cerberus_pro_ul_compact_panel_fc922_924 | < MP4 | MP4 |
| siemens | cerberus_pro_ul_engineering_tool | < MP4 | MP4 |
| siemens | cerberus_pro_ul_x300_cloud_distribution | < V4.3.0001 | V4.3.0001 |
| siemens | desigo_fire_safety_ul_compact_panel_fc2025_2050 | < MP4 | MP4 |
| siemens | desigo_fire_safety_ul_engineering_tool | < MP4 | MP4 |
| siemens | desigo_fire_safety_ul_x300_cloud_distribution | < V4.3.0001 | V4.3.0001 |
| siemens | sinteso_fs20_en_engineering_tool | < * | * |
| siemens | sinteso_fs20_en_fire_panel_fc20_mp6 | < * | * |
| siemens | sinteso_fs20_en_fire_panel_fc20_mp7 | < * | * |
| siemens | sinteso_fs20_en_fire_panel_fc20_mp8 | < MP8 SR4 | MP8 SR4 |
| siemens | sinteso_fs20_en_x200_cloud_distribution_mp7 | < * | * |
| siemens | sinteso_fs20_en_x200_cloud_distribution_mp8 | < V4.3.5618 | V4.3.5618 |
| siemens | sinteso_fs20_en_x300_cloud_distribution_mp7 | < * | * |
| siemens | sinteso_fs20_en_x300_cloud_distribution_mp8 | < V4.3.5617 | V4.3.5617 |
| siemens | sinteso_mobile | < * | * |