May 14, 2024, midnight

Siemens ProductCERT Security Advisories

Several products used in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems contain buffer overflow vulnerabilities in the network communication stack. Successful exploitation of the vulnerabilities could allow an unauthenticated attacker who has gained access to the fire protection system network to execute arbitrary code on the affected products (CVE-2024-22039) or create a denial of service condition (CVE-2024-22040, CVE-2024-22041).

Product-specific impact of the individual vulnerabilities is documented in the chapter “Vulnerability Description”.

Siemens has released new versions for …

