7.5
CVE-2024-22040
- EPSS 0.33%
- Published 12.03.2024 11:15:48
- Last modified 21.11.2024 08:55:26
- Source productcert@siemens.com
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.
Data provided through the CVE Program by Authorized Data Publishers (ADP) (unstructured)
Vendor | Product | Default Status | Version | Version < | Status |
---|---|---|---|---|---|
siemens | cerberus_pro_en_engineering_tool | unknown | - | | affected |
siemens | cerberus_pro_en_fire_panel_fc72x | unknown | - | | affected |
siemens | cerberus_pro_en_x300_cloud_distribution | unknown | - | | affected |
siemens | cerberus_pro_ul_compact_panel | unknown | * | | affected |
siemens | cerberus_pro_en_x200_cloud_distribution | unknown | - | | affected |
siemens | cerberus_pro_ul_engineering_tool | unknown | * | | affected |
siemens | cerberus_pro_ul_x300_cloud | unknown | * | | affected |
siemens | desigo_fire_safety_ul_compact_panel | unknown | 0 | mp4 | affected |
siemens | desigo_fire_safety_ul_engineering_tool | unknown | 0 | v4.3.0001 | affected |
siemens | sinteso_fs20_en_fire_panel_fc20 | unknown | - | | affected |
siemens | sinteso_fs20_en_x200_cloud_distribution | unknown | * | | affected |
siemens | sinteso_fs20_en_x300_cloud_distribution | unknown | * | | affected |
siemens | sinteso_mobile | unknown | * | | affected |
siemens | sinteso_fs20_en_engineering_tool | unknown | * | | affected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.33% | 0.55 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
productcert@siemens.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.