PatchSiren cyber security CVE debrief
CVE-2024-22039 Siemens CVE debrief
A critical stack-based buffer overflow vulnerability exists in the network communication library used by Siemens Cerberus PRO UL and Desigo Fire Safety UL fire protection systems. The flaw stems from improper validation of X.509 certificate attribute lengths, which could enable unauthenticated remote code execution with root privileges. Exploitation requires an on-path attacker positioned to intercept engineering tool communications within the fire system network. The vulnerability carries a CVSS 3.1 score of 10.0 (Critical), reflecting its network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Siemens has released firmware updates to address this issue, with specific version requirements varying by product line.
- Vendor
- Siemens
- Product
- Cerberus PRO EN Engineering Tool
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-03-12
- Original CVE updated
- 2024-05-14
- Advisory published
- 2024-03-12
- Advisory updated
- 2024-05-14
Who should care
Organizations operating Siemens Cerberus PRO UL or Desigo Fire Safety UL fire protection systems, particularly those with remote engineering access or cloud-connected deployments. Critical infrastructure operators, facility managers, and OT security teams responsible for life safety system integrity should prioritize this remediation.
Technical summary
The vulnerability resides in a network communication library that fails to validate the length of specific X.509 certificate attributes. When processing malformed certificates, a stack-based buffer overflow can occur. An on-path attacker who intercepts engineering tool communications can inject malicious certificates to trigger the overflow, potentially achieving arbitrary code execution. The attack complexity is rated low (AC:L) with no privileges required (PR:N) and no user interaction needed (UI:N), though the scope changes (S:C) due to the potential for impact beyond the vulnerable component. The exploitability is rated as proof-of-concept (E:P) with a remediation level of official fix available (RL:O).
Defensive priority
critical
Recommended defensive actions
- Apply vendor-provided firmware updates immediately: update Cerberus PRO UL Compact Panel FC922/924 and Engineering Tool to MP4 or later; update Cerberus PRO UL X300 Cloud Distribution to V4.3.0001 or later
- Apply vendor-provided firmware updates immediately: update Desigo Fire Safety UL Compact Panel FC2025/2050 and Engineering Tool to MP4 or later; update Desigo Fire Safety UL X300 Cloud Distribution to V4.3.0001 or later
- Segment fire system networks from enterprise and internet-facing networks to limit attacker positioning opportunities
- Implement network monitoring to detect anomalous certificate exchanges or engineering tool communication interception attempts
- Restrict physical and logical access to fire system networks to authorized personnel only
- Review and validate X.509 certificate chains in engineering tool configurations where supported
Evidence notes
The vulnerability description and affected product list are derived from CISA CSAF advisory ICSA-24-137-12, which references Siemens security advisory SSA-953710. The CVSS vector and remediation guidance are sourced from the same CSAF document. No known exploitation in the wild has been reported as of the advisory publication date.
Official resources
-
CVE-2024-22039 CVE record
CVE.org
-
CVE-2024-22039 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-14