PT-2024-2315 · Siemens · Sinteso FS20 EN Fire Panel FC20 MP6 +21

Published: 2024-03-12 · Updated: 2024-05-14 · CVE-2024-22040

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cerberus PRO EN Engineering Tool versions prior to MP4
Cerberus PRO EN Fire Panel FC72x IP6 versions prior to IP8 SR4
Cerberus PRO EN Fire Panel FC72x IP7 versions prior to IP8 SR4
Cerberus PRO EN Fire Panel FC72x IP8 versions prior to IP8 SR4
Cerberus PRO EN X200 Cloud Distribution IP7 versions prior to V4.3.5618
Cerberus PRO EN X200 Cloud Distribution IP8 versions prior to V4.3.5618
Cerberus PRO EN X300 Cloud Distribution IP7 versions prior to V4.3.5617
Cerberus PRO EN X300 Cloud Distribution IP8 versions prior to V4.3.5617
Cerberus PRO UL Compact Panel FC922/924 versions prior to MP4
Cerberus PRO UL Engineering Tool versions prior to MP4
Cerberus PRO UL X300 Cloud Distribution versions prior to V4.3.0001
Desigo Fire Safety UL Compact Panel FC2025/2050 versions prior to MP4
Desigo Fire Safety UL Engineering Tool versions prior to MP4
Desigo Fire Safety UL X300 Cloud Distribution versions prior to V4.3.0001
Sinteso FS20 EN Engineering Tool versions prior to MP4
Sinteso FS20 EN Fire Panel FC20 MP6 versions prior to MP8 SR4
Sinteso FS20 EN Fire Panel FC20 MP7 versions prior to MP8 SR4
Sinteso FS20 EN Fire Panel FC20 MP8 versions prior to MP8 SR4
Sinteso FS20 EN X200 Cloud Distribution MP7 versions prior to V4.3.5618
Sinteso FS20 EN X200 Cloud Distribution MP8 versions prior to V4.3.5618
Sinteso FS20 EN X300 Cloud Distribution MP7 versions prior to V4.3.5617
Sinteso FS20 EN X300 Cloud Distribution MP8 versions prior to V4.3.5617
Sinteso Mobile versions prior to MP4

Description

The network communication library of the affected systems insufficiently validates HMAC values, resulting in a buffer overread in memory. An unauthenticated remote attacker could exploit this to crash the network service, causing a denial of service.

Recommendations

Update each of the following to a version that includes the fix for this issue:

Cerberus PRO EN Engineering Tool versions prior to MP4
Cerberus PRO EN Fire Panel FC72x IP6 versions prior to IP8 SR4
Cerberus PRO EN Fire Panel FC72x IP7 versions prior to IP8 SR4
Cerberus PRO EN Fire Panel FC72x IP8 versions prior to IP8 SR4
Cerberus PRO EN X200 Cloud Distribution IP7 versions prior to V4.3.5618
Cerberus PRO EN X200 Cloud Distribution IP8 versions prior to V4.3.5618
Cerberus PRO EN X300 Cloud Distribution IP7 versions prior to V4.3.5617
Cerberus PRO EN X300 Cloud Distribution IP8 versions prior to V4.3.5617
Cerberus PRO UL Compact Panel FC922/924 versions prior to MP4
Cerberus PRO UL Engineering Tool versions prior to MP4
Cerberus PRO UL X300 Cloud Distribution versions prior to V4.3.0001
Desigo Fire Safety UL Compact Panel FC2025/2050 versions prior to MP4
Desigo Fire Safety UL Engineering Tool versions prior to MP4
Desigo Fire Safety UL X300 Cloud Distribution versions prior to V4.3.0001
Sinteso FS20 EN Engineering Tool versions prior to MP4
Sinteso FS20 EN Fire Panel FC20 MP6 versions prior to MP8 SR4
Sinteso FS20 EN Fire Panel FC20 MP7 versions prior to MP8 SR4
Sinteso FS20 EN Fire Panel FC20 MP8 versions prior to MP8 SR4
Sinteso FS20 EN X200 Cloud Distribution MP7 versions prior to V4.3.5618
Sinteso FS20 EN X200 Cloud Distribution MP8 versions prior to V4.3.5618
Sinteso FS20 EN X300 Cloud Distribution MP7 versions prior to V4.3.5617
Sinteso FS20 EN X300 Cloud Distribution MP8 versions prior to V4.3.5617
Sinteso Mobile versions prior to MP4

As a temporary workaround, consider disabling the network communication library until a patch is available. Restrict access to the affected systems to minimize the risk of exploitation. Avoid using the affected systems until the issue is resolved.

Fix

Weakness Enumeration: Out of bounds Read

Related Identifiers

BDU:2024-02249
CVE-2024-22040

Affected Products

Cerberus PRO UL Engineering Tool
Cerberus PRO EN Fire Panel FC72x IP6
Cerberus PRO EN Fire Panel FC72x IP7
Cerberus PRO EN Fire Panel FC72x IP8
Cerberus PRO EN X200 Cloud Distribution IP7
Cerberus PRO EN X200 Cloud Distribution IP8
Cerberus PRO EN X300 Cloud Distribution IP7
Cerberus PRO EN X300 Cloud Distribution IP8
Cerberus PRO UL Compact Panel FC922/924
Cerberus PRO UL X300 Cloud Distribution
Desigo Fire Safety UL Compact Panel FC2025/2050
Desigo Fire Safety UL Engineering Tool
Desigo Fire Safety UL X300 Cloud Distribution
Sinteso FS20 EN Engineering Tool
Sinteso FS20 EN Fire Panel FC20 MP6
Sinteso FS20 EN Fire Panel FC20 MP7
Sinteso FS20 EN Fire Panel FC20 MP8
Sinteso FS20 EN X200 Cloud Distribution MP7
Sinteso FS20 EN X200 Cloud Distribution MP8
Sinteso FS20 EN X300 Cloud Distribution MP7
Sinteso FS20 EN X300 Cloud Distribution MP8
Sinteso Mobile