Cerberus PRO EN Cloud Distributions: X.509 Buffer Overflow CVE202422041
CVE-2024-22041 Published on March 12, 2024
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.
Weakness Type
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2024-22041 has been classified to as a Buffer Overflow vulnerability or weakness.
Products Associated with CVE-2024-22041
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens Cerberus PRO EN Engineering Tool:- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before IP8 SR4 is affected.
- Before * is affected.
- Before V4.3.5618 is affected.
- Before * is affected.
- Before V4.3.5617 is affected.
- Before MP4 is affected.
- Before MP4 is affected.
- Before V4.3.0001 is affected.
- Before MP4 is affected.
- Before MP4 is affected.
- Before V4.3.0001 is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before MP8 SR4 is affected.
- Before * is affected.
- Before V4.3.5618 is affected.
- Before * is affected.
- Before V4.3.5617 is affected.
- Before * is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version * is affected.
- Version - is affected.
- Version * is affected.
- Version * is affected.
- Before mp4 is affected.
- Before v4.3.0001 is affected.
- Version - is affected.
- Version * is affected.
- Version * is affected.
- Version * is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.