Cyber Resilience

CVE-2024-22039

Critical

Published: 12 March 2024
Modified: 21 November 2024
KEV Added: none
Patch: available
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.1105 (93.6th percentile)
Risk Priority: 27 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-22039 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in the Siemens Cerberus PRO EN Engineering Tool and related fire-safety products. Its CVSS base score is 10.0 (Critical).

Operationally, its EPSS score places it in the top 6.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-22039 is a stack-based buffer overflow (CWE-120) in the network communication library of multiple Siemens fire-safety products. The flaw stems from missing length validation on certain X.509 certificate attributes and affects Cerberus PRO EN Engineering Tool and Fire Panels (FC72x, FC20, FC922/924), Desigo Fire Safety UL panels and tools, Sinteso FS20 panels and tools, the associated X200/X300 Cloud Distribution components, and Sinteso Mobile, all prior to the versions listed in the advisory.

An unauthenticated remote attacker can supply a crafted certificate over the network to trigger the overflow, resulting in arbitrary code execution with root privileges on the underlying operating system. The vulnerability carries a CVSS 3.1 score of 10.0, reflecting a network attack vector, low attack complexity, no privileges or user interaction required, a changed scope, and high impact on confidentiality, integrity and availability.
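To make the weakness class concrete, the following is example code added here, not Siemens' network library: a bounds-checked reader for a single DER-encoded string attribute, where the comparison against the destination size is the length validation whose absence the advisory describes. The buffer size ATTR_BUF, the function names, the restriction to short-form DER lengths and the sample attributes are all constructed assumptions for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define ATTR_BUF 64   /* assumed capacity of the fixed stack buffer receiving the value */
enum { ATTR_TRUNCATED = -1, ATTR_TOO_LONG = -2, ATTR_BAD_TAG = -3 };

/* Reads one DER TLV (short-form length) carrying a string attribute into out[].
 * The declared length is checked against the bytes actually received and against
 * the destination before memcpy runs. Returns the value length or a negative status. */
int read_attr_checked(const uint8_t *der, size_t der_len, uint8_t tag,
                      char *out, size_t out_sz)
{
    if (der_len < 2)        return ATTR_TRUNCATED;
    if (der[0] != tag)      return ATTR_BAD_TAG;
    if (der[1] & 0x80)      return ATTR_TOO_LONG;  /* long-form length (>127) cannot fit */
    size_t len = der[1];
    if (len > der_len - 2)  return ATTR_TRUNCATED; /* declared length exceeds the input */
    if (len >= out_sz)      return ATTR_TOO_LONG;  /* the bound a CWE-120 copy omits */
    memcpy(out, der + 2, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed DER UTF8String (tag 0x0C), 13 bytes: "fire-panel-01". */
static const uint8_t GOOD_CN[] = { 0x0C, 13, 'f','i','r','e','-','p','a','n','e','l','-','0','1' };

/* Well-formed attribute: returns 13 if the copied text matches, else -100. */
int parse_good_attr(void)
{
    char out[ATTR_BUF];
    int n = read_attr_checked(GOOD_CN, sizeof GOOD_CN, 0x0C, out, sizeof out);
    return (n > 0 && strcmp(out, "fire-panel-01") == 0) ? n : -100;
}

/* Constructed attribute declaring 100 value bytes: more than ATTR_BUF holds. */
int parse_oversize_attr(void)
{
    uint8_t der[2 + 100] = { 0x0C, 100 };
    memset(der + 2, 'A', 100);
    char out[ATTR_BUF];
    return read_attr_checked(der, sizeof der, 0x0C, out, sizeof out);
}

/* Constructed attribute declaring 50 value bytes but delivering only 5. */
int parse_truncated_attr(void)
{
    const uint8_t der[] = { 0x0C, 50, 'a', 'b', 'c', 'd', 'e' };
    char out[ATTR_BUF];
    return read_attr_checked(der, sizeof der, 0x0C, out, sizeof out);
}
```

Both rejection paths matter: an over-long value is the overflow case, while a declared length larger than the received data is the companion over-read that a fix limited to the destination check would miss.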

Siemens has published product-specific advisories (SSA-225840 and SSA-953710) that identify the fixed firmware and software versions for each affected component; operators should apply the listed updates (for example, IP6 SR3, IP7 SR5, MP4, V3.0.6602 and later) to eliminate the vulnerable library code.

The associated EPSS score has remained flat at 0.1105 with no material increase since disclosure.

Vulnerability details

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus…

PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

siemens cerberus pro en engineering tool (≤ ip8)
siemens cerberus pro en fire panel fc72x (≤ ip8)
siemens cerberus pro en x200 cloud distribution (≤ 4.0.5016)
siemens cerberus pro en x300 cloud distribution (≤ 4.2.5015)
siemens sinteso fs20 en engineering tool (≤ mp8)
siemens sinteso fs20 en fire panel fc20 (≤ mp8)
siemens sinteso fs20 en x200 cloud distribution (≤ 4.0.5016)
siemens sinteso fs20 en x300 cloud distribution (≤ 4.2.5015)
siemens sinteso mobile (≤ 3.0.0)

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-120: platform-independent managed code eliminates the need for unchecked native buffer copies, which are the root cause of classic buffer overflows.