CVE-2024-22039 Information

Description

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes, which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

Reference

https://cert-portal.siemens.com/productcert/html/ssa-225840.html
