CVE-2024-22039

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Mar 12, 2024
Updated: Mar 25, 2024
CWE ID 120

Summary

CVE-2024-22039 is a critical vulnerability affecting multiple Siemens products, including Cerberus PRO EN Engineering Tool, Cerberus PRO EN Fire Panel FC72x, Cerberus PRO EN X200 Cloud Distribution, Cerberus PRO EN X300 Cloud Distribution, Sinteso FS20 EN Engineering Tool, Sinteso FS20 EN Fire Panel FC20, Sinteso FS20 EN X200 Cloud Distribution, Sinteso FS20 EN X300 Cloud Distribution, and Sinteso Mobile. The network communication library of the affected systems does not validate the length of certain X.509 certificate attributes, which leads to a stack-based buffer overflow. An unauthenticated remote attacker can use this to execute code on the underlying operating system with root privileges.

Remediation involves updating affected products to versions IP8 or later for Cerberus PRO and MP8 or later for Sinteso FS20. Left unaddressed, the vulnerability poses a high danger to organizations, because remote attackers can exploit it to gain unauthorized access to and control over affected systems.
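The length validation the summary describes as missing, sketched as an added example (this is not Siemens code and not taken from the advisory). It copies one DER-encoded string attribute into a fixed buffer only after checking the claimed length against both the input and the destination. `ATTR_MAX`, `der_len`, `copy_attr`, `try_oversized` and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 64   /* assumed size of the fixed destination buffer */

/* Decode a DER length at p (n bytes available); returns bytes consumed, 0 if malformed. */
static size_t der_len(const uint8_t *p, size_t n, size_t *out) {
    if (n == 0) return 0;
    if (p[0] < 0x80) { *out = p[0]; return 1; }   /* short form */
    size_t k = p[0] & 0x7f, v = 0;                /* long form: k length bytes follow */
    if (k == 0 || k > 4 || k >= n) return 0;
    for (size_t i = 1; i <= k; i++) v = (v << 8) | p[i];
    *out = v;
    return 1 + k;
}

/* Copy one string attribute (DER TLV) into dst as a C string.
 * Returns 0 on success, -1 if malformed, truncated, or too long for dst. */
int copy_attr(const uint8_t *tlv, size_t n, char dst[ATTR_MAX]) {
    size_t len = 0, hdr;
    if (n < 2) return -1;
    if (tlv[0] != 0x0c && tlv[0] != 0x13) return -1;  /* UTF8String / PrintableString */
    hdr = der_len(tlv + 1, n - 1, &len);
    if (hdr == 0) return -1;
    if (len > n - 1 - hdr) return -1;   /* claimed length runs past the input */
    if (len >= ATTR_MAX) return -1;     /* value plus terminating NUL must fit dst */
    if (memchr(tlv + 1 + hdr, 0, len)) return -1;     /* reject embedded NUL */
    memcpy(dst, tlv + 1 + hdr, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed inputs, not taken from any real certificate. */
static const uint8_t ok_attr[]    = { 0x0c, 0x05, 'p', 'a', 'n', 'e', 'l' };
static const uint8_t short_attr[] = { 0x0c, 0x20, 'a', 'b' };  /* claims 32 bytes, has 2 */

int try_oversized(void) {               /* 200-byte value, long-form length 0x81 0xC8 */
    uint8_t big[3 + 200] = { 0x0c, 0x81, 200 };
    char dst[ATTR_MAX];
    memset(big + 3, 'A', 200);
    return copy_attr(big, sizeof big, dst);
}

int main(void) {
    char dst[ATTR_MAX];
    printf("ok=%d short=%d oversized=%d\n", copy_attr(ok_attr, sizeof ok_attr, dst),
           copy_attr(short_attr, sizeof short_attr, dst), try_oversized());
    return 0;
}
```

Rejecting the certificate outright, rather than truncating the value, avoids later comparisons against a name the peer never actually presented.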
