A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.
The network communication library in vulnerable systems does not verify the length of specified X.509 certificate attributes. Sending a crafted certificate with excessively long attributes causes a stack-based buffer overflow (CWE-120). The exploit does not require authentication or user interaction and can be conducted remotely over the network.
An attacker can execute arbitrary code on the device's operating system with root privileges, meaning complete takeover of the fire safety panel or engineering tool, and consequently potential manipulation of the fire alarm signaling system.
Software must be updated to versions indicated as patched: Cerberus PRO EN Engineering Tool to IP8, Fire Panel FC72x to IP6 SR3 or IP7 SR5, X200 Cloud Distribution to V3.0.6602 or V4.0.5016, X300 Cloud Distribution to V3.2.6601 or V4.2.5015, UL and Desigo variants to MP4 or V4.3.0001, Sinteso FS20 EN Engineering Tool to MP8, Fire Panel FC20 to MP6 SR3 or MP7 SR5, Sinteso Mobile to V3.0.0. Detailed instructions available in manufacturer bulletins SSA-225840 and SSA-953710 at cert-portal.siemens.com. Until patches are deployed, network isolation of devices and restriction of network access to trusted hosts only is recommended.
Cerberus PRO EN Engineering Tool (< IP8), Cerberus PRO EN Fire Panel FC72x IP6 (< IP6 SR3) and IP7 (< IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (< V3.0.6602) and IP8 (< V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (< V3.2.6601) and IP8 (< V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (< MP4), Cerberus PRO UL Engineering Tool (< MP4), Cerberus PRO UL X300 Cloud Distribution (< V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (< MP4), Desigo Fire Safety UL Engineering Tool (< MP4), Desigo Fire Safety UL X300 Cloud Distribution (< V4.3.0001), Sinteso FS20 EN Engineering Tool (< MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (< MP6 SR3) and MP7 (< MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (< V3.0.6602) and MP8 (< V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (< V3.2.6601) and MP8 (< V4.2.5015), Sinteso Mobile (< V3.0.0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HSiemens Cerberus Pro En Engineering Tool
APPSiemens< ip8Siemens Cerberus Pro En Fire Panel Fc72x
APPSiemens< ip8Siemens Cerberus Pro En X200 Cloud Distribution
APPSiemens< 4.0.5016Siemens Cerberus Pro En X300 Cloud Distribution
APPSiemens< 4.2.5015Siemens Sinteso Fs20 En Engineering Tool
APPSiemens< mp8Siemens Sinteso Fs20 En Fire Panel Fc20
APPSiemens< mp8Siemens Sinteso Fs20 En X200 Cloud Distribution
APPSiemens< 4.0.5016Siemens Sinteso Fs20 En X300 Cloud Distribution
APPSiemens< 4.2.5015Siemens Sinteso Mobile
APPSiemens< 3.0.0
Related vulnerabilities
Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...