SIEMENS-SSA-953710 · Published 2024-05-14 · View on Siemens ProductCERT ↗

SSA-953710 V1.0: Vulnerabilities in the Network Communication Stack in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems

CVSS 10.0 CRITICAL

Risk Summary

Several products used in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems contain buffer overflow vulnerabilities in the network communication stack. Successful exploitation of the vulnerabilities could allow an unauthenticated attacker, who gained access to the fire protection system network, to execute arbitrary code on the affected products (CVE-2024-22039) or create a denial of service condition (CVE-2024-22040, CVE-2024-22041). Product-specific impact of the individual vulnerabilities is documented in the chapter “Vulnerability Description”. Siemens has released new versions for the affected products and recommends to update to the latest versions.

CVEs (3)

CVE-2024-22039 CVE-2024-22040 CVE-2024-22041

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-953710 V1.0: Vulnerabilities in the Network Communication Stack in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more