漏洞标题
N/A
漏洞描述信息
受影响系统的网络通信库未验证某些X.509证书属性的长度,这可能导致栈基缓冲区溢出。
这可能允许未经身份验证的远程攻击者在底层操作系统上以root权限执行代码。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
N/A
漏洞描述信息
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
漏洞类别
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
漏洞标题
Siemens 多款产品安全漏洞
漏洞描述信息
Siemens Cerberus PRO是德国西门子(Siemens)公司的一种高级集成火警系统。 Siemens 多款产品存在安全漏洞,该漏洞源于网络通信库不会验证某些 X.509 证书属性的长度,导致基于堆栈的缓冲区溢出,以下产品和版本受到影响:Cerberus PRO EN Engineering Tool IP8 之前版本、Cerberus PRO EN Fire Panel FC72x IP8 之前版本、Cerberus PRO EN Fire Panel FC72x IP8 SR4之前版本、C
CVSS信息
N/A
漏洞类别
其他