PT-2024-2059 · Siemens · Cerberus PRO UL Compact Panel FC922/924 and 12 more

Published: 2024-03-12 · Updated: 2025-12-16 · CVE-2024-22039

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cerberus PRO EN Engineering Tool versions < IP8
Cerberus PRO EN Fire Panel FC72x versions < IP6 SR3
Cerberus PRO EN Fire Panel FC72x versions < IP7 SR5
Cerberus PRO EN X200 Cloud Distribution versions < V3.0.6602
Cerberus PRO EN X200 Cloud Distribution versions < V4.0.5016
Cerberus PRO EN X300 Cloud Distribution versions < V3.2.6601
Cerberus PRO EN X300 Cloud Distribution versions < V4.2.5015
Cerberus PRO UL Compact Panel FC922/924 versions < MP4
Cerberus PRO UL Engineering Tool versions < MP4
Cerberus PRO UL X300 Cloud Distribution versions < V4.3.0001
Desigo Fire Safety UL Compact Panel FC2025/2050 versions < MP4
Desigo Fire Safety UL Engineering Tool versions < MP4
Desigo Fire Safety UL X300 Cloud Distribution versions < V4.3.0001
Sinteso FS20 EN Engineering Tool versions < MP8
Sinteso FS20 EN Fire Panel FC20 versions < MP6 SR3
Sinteso FS20 EN Fire Panel FC20 versions < MP7 SR5
Sinteso FS20 EN X200 Cloud Distribution versions < V3.0.6602
Sinteso FS20 EN X200 Cloud Distribution versions < V4.0.5016
Sinteso FS20 EN X300 Cloud Distribution versions < V3.2.6601
Sinteso FS20 EN X300 Cloud Distribution versions < V4.2.5015
Sinteso Mobile versions < V3.0.0

Description

The network communication library in affected systems does not validate the length of certain X.509 certificate attributes, which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges. The vulnerability is related to the copying of data into a buffer without checking the size of the input data, which can be exploited by an attacker to execute arbitrary code.
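
The missing check described above, shown as a length-validated copy of a DER-encoded certificate attribute value. This is an added example, not code from Siemens or from the affected library; `copy_attr_value`, `der_header`, `ATTR_MAX` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Illustrative only: names and sizes are hypothetical, not the vendor's. */
#define ATTR_MAX 64  /* fixed-size destination, standing in for a stack buffer */
enum attr_status { ATTR_OK = 0, ATTR_MALFORMED = -1, ATTR_TOO_LONG = -2 };

/* Parse one DER-style tag/length header; report header size and value length. */
static int der_header(const uint8_t *in, size_t in_len, size_t *hdr, size_t *len)
{
    if (in_len < 2) return ATTR_MALFORMED;
    if (in[1] < 0x80) {                 /* short form: length in one octet */
        *hdr = 2; *len = in[1];
    } else {                            /* long form: next n octets hold the length */
        size_t n = in[1] & 0x7f;
        if (n == 0 || n > 2 || in_len < 2 + n)
            return ATTR_MALFORMED;      /* indefinite, oversized or cut short */
        *len = 0;
        for (size_t i = 0; i < n; i++)
            *len = (*len << 8) | in[2 + i];
        *hdr = 2 + n;
    }
    /* The declared length must fit in the bytes actually received. */
    return (*len > in_len - *hdr) ? ATTR_MALFORMED : ATTR_OK;
}

/* Copy a string attribute value into out[out_size] and NUL-terminate it. */
int copy_attr_value(const uint8_t *in, size_t in_len, char *out, size_t out_size)
{
    size_t hdr, len;
    int rc = der_header(in, in_len, &hdr, &len);
    if (rc != ATTR_OK) return rc;
    /* The flaw class in the advisory is this copy made without the next check. */
    if (out_size == 0 || len > out_size - 1)
        return ATTR_TOO_LONG;
    memcpy(out, in + hdr, len);
    out[len] = '\0';
    return ATTR_OK;
}

int main(void)
{
    /* Constructed sample: UTF8String (tag 0x0c) declaring 200 bytes of value. */
    uint8_t big[203];
    char out[ATTR_MAX];
    memset(big, 'A', sizeof big);
    big[0] = 0x0c; big[1] = 0x81; big[2] = 0xc8;
    return copy_attr_value(big, sizeof big, out, sizeof out) == ATTR_TOO_LONG ? 0 : 1;
}
```

The function rejects the certificate field instead of truncating it, so an oversized attribute surfaces as a parse error that can be logged.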

Recommendations

Update each of the following to a version that includes the fix for this vulnerability:

Cerberus PRO EN Engineering Tool versions < IP8
Cerberus PRO EN Fire Panel FC72x versions < IP6 SR3
Cerberus PRO EN Fire Panel FC72x versions < IP7 SR5
Cerberus PRO EN X200 Cloud Distribution versions < V3.0.6602
Cerberus PRO EN X200 Cloud Distribution versions < V4.0.5016
Cerberus PRO EN X300 Cloud Distribution versions < V3.2.6601
Cerberus PRO EN X300 Cloud Distribution versions < V4.2.5015
Cerberus PRO UL Compact Panel FC922/924 versions < MP4
Cerberus PRO UL Engineering Tool versions < MP4
Cerberus PRO UL X300 Cloud Distribution versions < V4.3.0001
Desigo Fire Safety UL Compact Panel FC2025/2050 versions < MP4
Desigo Fire Safety UL Engineering Tool versions < MP4
Desigo Fire Safety UL X300 Cloud Distribution versions < V4.3.0001
Sinteso FS20 EN Engineering Tool versions < MP8
Sinteso FS20 EN Fire Panel FC20 versions < MP6 SR3
Sinteso FS20 EN Fire Panel FC20 versions < MP7 SR5
Sinteso FS20 EN X200 Cloud Distribution versions < V3.0.6602
Sinteso FS20 EN X200 Cloud Distribution versions < V4.0.5016
Sinteso FS20 EN X300 Cloud Distribution versions < V3.2.6601
Sinteso FS20 EN X300 Cloud Distribution versions < V4.2.5015
Sinteso Mobile versions < V3.0.0

As a temporary workaround, consider restricting access to the network communication library until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-01948
CVE-2024-22039

Affected Products

Cerberus PRO UL Engineering Tool
Cerberus PRO EN Fire Panel FC72x
Cerberus PRO EN X200 Cloud Distribution
Cerberus PRO UL X300 Cloud Distribution
Cerberus PRO UL Compact Panel FC922/924
Desigo Fire Safety UL Compact Panel FC2025/2050
Desigo Fire Safety UL Engineering Tool
Desigo Fire Safety UL X300 Cloud Distribution
Sinteso FS20 EN Engineering Tool
Sinteso FS20 EN Fire Panel FC20
Sinteso FS20 EN X200 Cloud Distribution
Sinteso FS20 EN X300 Cloud Distribution
Sinteso Mobile