CVE-2024-22039

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Mar 12, 2024
Updated: Mar 25, 2024
CWE ID 120

Summary

CVE-2024-22039 is a critical vulnerability affecting multiple Siemens products, including Cerberus PRO EN Engineering Tool, Cerberus PRO EN Fire Panel FC72x, Cerberus PRO EN X200 Cloud Distribution, Cerberus PRO EN X300 Cloud Distribution, Sinteso FS20 EN Engineering Tool, Sinteso FS20 EN Fire Panel FC20, Sinteso FS20 EN X200 Cloud Distribution, Sinteso FS20 EN X300 Cloud Distribution, and Sinteso Mobile. The network communication library of the affected systems does not validate the length of certain X.509 certificate attributes, which leads to a stack-based buffer overflow. An unauthenticated remote attacker can use this to execute code on the underlying operating system with root privileges. Remediation involves updating affected products to versions IP8 or later for Cerberus PRO and MP8 or later for Sinteso FS20. If left unaddressed, the vulnerability poses a high risk to organizations, because remote attackers can exploit it to gain unauthorized access to and control over affected systems.
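The missing check belongs to a well-known class (CWE-120). The following is an added illustration, not Siemens code and not taken from the affected library: it shows the length validation a parser needs before copying a DER-encoded certificate attribute into a fixed-size stack buffer. The function names, the 64-byte buffer size and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define ATTR_MAX 64 /* assumed size of the fixed stack buffer */

/* Decode a DER length at p (end = one past the input). Returns the number
 * of bytes consumed, or 0 if the encoding is truncated or malformed. */
static size_t der_len(const unsigned char *p, const unsigned char *end, size_t *out)
{
    if (p >= end) return 0;
    if (*p < 0x80) { *out = *p; return 1; }          /* short form */
    size_t n = *p & 0x7f;                            /* long form: n length bytes */
    if (n == 0 || n > sizeof(size_t) || (size_t)(end - p) < 1 + n) return 0;
    size_t v = 0;
    for (size_t i = 1; i <= n; i++) v = (v << 8) | p[i];
    *out = v;
    return 1 + n;
}

/* Copy the value of one string attribute TLV into dst as a C string.
 * Returns 0 on success, -1 if the attribute is rejected. */
int copy_attr(const unsigned char *tlv, size_t tlv_sz, char *dst, size_t dst_sz)
{
    const unsigned char *end = tlv + tlv_sz;
    size_t len, hdr;
    if (tlv_sz < 2 || dst_sz == 0) return -1;
    hdr = der_len(tlv + 1, end, &len);               /* skip the tag byte */
    if (hdr == 0) return -1;
    const unsigned char *val = tlv + 1 + hdr;
    if (len > (size_t)(end - val)) return -1;        /* claimed length exceeds input */
    if (len >= dst_sz) return -1;                    /* would overflow dst */
    memcpy(dst, val, len);
    dst[len] = '\0';
    return 0;
}

/* The pattern at risk: an attribute parsed into a stack buffer. */
int parse_into_stack(const unsigned char *tlv, size_t tlv_sz)
{
    char name[ATTR_MAX];
    return copy_attr(tlv, tlv_sz, name, sizeof name);
}

int main(void)
{
    /* Constructed sample: UTF8String (tag 0x0c) carrying a 200-byte value. */
    unsigned char sample[203] = {0x0c, 0x81, 200};
    return parse_into_stack(sample, sizeof sample) == -1 ? 0 : 1;
}
```

Both checks are needed: the first keeps the read inside the received certificate, the second keeps the write inside the destination buffer.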
