{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T15:16:58.614","vulnerabilities":[{"cve":{"id":"CVE-2024-22039","sourceIdentifier":"productcert@siemens.com","published":"2024-03-12T11:15:48.420","lastModified":"2024-11-21T08:55:26.327","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.\r\nThis could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en Cerberus PRO EN Engineering Tool (todas las versiones < IP8), Cerberus PRO EN Fire Panel FC72x (todas las versiones < IP8), Cerberus PRO EN X200 Cloud Distribution (todas las versiones < V4.0.5016), Cerberus PRO EN X300 Distribución en la nube (todas las versiones < V4.2.5015), herramienta de ingeniería Sinteso FS20 EN (todas las versiones < MP8), central de incendios Sinteso FS20 EN FC20 (todas las versiones < MP8), distribución en la nube Sinteso FS20 EN X200 (todas las versiones < V4.0.5016) , Sinteso FS20 EN X300 Cloud Distribution (todas las versiones "}],"metrics":{"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:cerberus_pro_en_engineering_tool:*:*:*:*:*:*:*:*","versionEndExcluding":"ip8","matchCriteriaId":"51481F41-444E-4B78-A15F-516C7EC2F50D"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:cerberus_pro_en_fire_panel_fc72x:*:*:*:*:*:*:*:*","versionEndExcluding":"ip8","matchCriteriaId":"7E15F412-20D3-417B-9DD7-F9861D44644B"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:cerberus_pro_en_x200_cloud_distribution:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.5016","matchCriteriaId":"F4595AA9-ADC3-49EE-9767-2043DBB7FEE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:cerberus_pro_en_x300_cloud_distribution:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.5015","matchCriteriaId":"C2EC2222-3208-4677-9DC0-84EF66D3C44B"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinteso_fs20_en_engineering_tool:*:*:*:*:*:*:*:*","versionEndExcluding":"mp8","matchCriteriaId":"AD41968F-E374-41DB-9B43-551693339918"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinteso_fs20_en_fire_panel_fc20:*:*:*:*:*:*:*:*","versionEndExcluding":"mp8","matchCriteriaId":"82F92204-A977-48F7-9247-B283D9371CCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinteso_fs20_en_x200_cloud_distribution:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.5016","matchCriteriaId":"40675EA2-2B5A-490D-989A-2726941BDA6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinteso_fs20_en_x300_cloud_distribution:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.5015","matchCriteriaId":"BE335B38-42D4-4BB4-A549-FDEB897A56AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinteso_mobile:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"AC5EDF20-9665-4487-AF9E-2E4FF12E7BBD"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-225840.html","source":"productcert@siemens.com","tags":["Patch","Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-953710.html","source":"productcert@siemens.com"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-225840.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-953710.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}