Cerberus PRO HMAC Buffer Overread in Net Comm Lib
CVE-2024-22040 Published on March 12, 2024
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.
Weakness Type
Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.
Products Associated with CVE-2024-22040
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens Cerberus PRO EN Engineering Tool:- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before IP8 SR4 is affected.
- Before * is affected.
- Before V4.3.5618 is affected.
- Before * is affected.
- Before V4.3.5617 is affected.
- Before MP4 is affected.
- Before MP4 is affected.
- Before V4.3.0001 is affected.
- Before MP4 is affected.
- Before MP4 is affected.
- Before V4.3.0001 is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before MP8 SR4 is affected.
- Before * is affected.
- Before V4.3.5618 is affected.
- Before * is affected.
- Before V4.3.5617 is affected.
- Before * is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version * is affected.
- Version - is affected.
- Version * is affected.
- Version * is affected.
- Before mp4 is affected.
- Before v4.3.0001 is affected.
- Version - is affected.
- Version * is affected.
- Version * is affected.
- Version * is affected.
- Version * is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.