Vulnerability Change Records for CVE-2024-22040

Change History

New CVE Received by NIST 3/12/2024 7:15:48 AM

Action: Added
Type: CVSS V3.1
Old Value:
New Value: Siemens AG AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Action: Added
Type: CWE
Old Value:
New Value: Siemens AG CWE-125

Action: Added
Type: Description
Old Value:
New Value: A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.

Action: Added
Type: Reference
Old Value:
New Value: Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-225840.html [No types assigned]