NVD

Vulnerability Change Records for CVE-2024-22039

Action	Type	New Value
Added	CVSS V3.1	Siemens AG AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Added	CWE	Siemens AG CWE-120
Added	Description	A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.
Added	Reference	Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-225840.html [No types assigned]