SIEMENS-SSA-225840 · Published 2024-05-14 · View on Siemens ProductCERT ↗

SSA-225840 V1.1 (Last Update: 2024-05-14): Vulnerabilities in the Network Communication Stack in Sinteso EN and Cerberus PRO EN Fire Protection Systems

CVSS 10.0 CRITICAL

Risk Summary

Several products used in Sinteso EN and Cerberus PRO EN Fire Protection Systems contain buffer overflow vulnerabilities in the network communication stack. Successful exploitation of the vulnerabilities could allow an unauthenticated attacker, who gained access to the fire protection system network, to execute arbitrary code on the affected products (CVE-2024-22039) or create a denial of service condition (CVE-2024-22040, CVE-2024-22041). Product-specific impact of the individual vulnerabilities is documented in the chapter “Vulnerability Description”. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

CVEs (3)

CVE-2024-22039 CVE-2024-22040 CVE-2024-22041

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-225840 V1.1 (Last Update: 2024-05-14): Vulnerabilities in the Network Communication Stack in Sinteso EN and Cerberus PRO EN Fire Protection Systems See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more