Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems

Act Now10ICS-CERT ICSA-24-074-09Mar 12, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Buffer overflow vulnerabilities exist in the network communication stack of Sinteso EN and Cerberus PRO EN Fire Protection Systems. An unauthenticated attacker with network access to affected fire panels, cloud distribution appliances, engineering tools, or mobile apps can send specially crafted packets to trigger buffer overflows, allowing arbitrary code execution (CVE-2024-22039) or denial of service (CVE-2024-22040, CVE-2024-22041). Affected products include Cerberus PRO EN and Sinteso FS20 EN engineering tools, fire panels (FC72x and FC20 series), X200/X300 cloud distribution nodes, and Sinteso Mobile. Siemens has released fixes for cloud distribution appliances and some fire panels but states no fix is available for engineering tools and older fire panel models.

What this means

What could happen

An attacker with network access to your fire protection system could run arbitrary code on affected panels or cloud distribution nodes, potentially disabling fire alarm detection, suppression control, or monitoring—or cause system crashes that prevent fire response. Engineering tools and mobile apps could also be compromised, allowing unauthorized system configuration changes.

Who's at risk

This vulnerability affects fire protection system operators using Siemens Sinteso EN or Cerberus PRO EN products, including fire alarm panels (FC72x, FC20 series), cloud-based distribution and monitoring nodes (X200, X300 series), engineering workstations, and mobile apps. If your facility relies on these systems for fire detection, alarm propagation, suppression control, or monitoring, you should assess whether your equipment versions are affected.

How it could be exploited

An attacker sends a specially crafted network packet to the fire panel, cloud distribution appliance, or mobile app that contains more data than the network communication buffer can hold. This buffer overflow overwrites adjacent memory and allows the attacker to inject and execute arbitrary code on the device, or crash it to deny service. No authentication is required—the attacker only needs network connectivity to the device.

Prerequisites

Network access to the fire protection system (same subnet or routable network)
For engineering tools or mobile apps: ability to send network traffic to the device
No credentials or authentication needed

remotely exploitableno authentication requiredlow complexity attackaffects safety-critical fire protection systemsmultiple unpatched product variantshigh CVSS score (10.0)

Exploitability

Moderate exploit probability (EPSS 8.0%)

Affected products (32)

16 with fix16 EOL

ProductAffected VersionsFix Status

Cerberus PRO EN X200 Cloud Distribution IP7<V3.0.66023.0.6602

Cerberus PRO EN X200 Cloud Distribution IP8<V4.0.50164.0.5016

Cerberus PRO EN X200 Cloud Distribution IP8<V4.3.56184.3.5618

Cerberus PRO EN X300 Cloud Distribution IP7<V3.2.66013.2.6601

Cerberus PRO EN X300 Cloud Distribution IP8<V4.2.50154.2.5015

Remediation & Mitigation

0/8

Do now

0/3

HARDENINGIsolate fire protection system network from business network and internet using firewall segmentation

HARDENINGRestrict network access to fire panels and cloud distribution appliances to authorized engineering workstations and monitoring stations only

HARDENINGIf remote access to engineering tools is required, use VPN with strong authentication and keep VPN software updated

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

Sinteso Mobile

HOTFIXUpdate Sinteso Mobile to V3.0.0 or later

All products

HOTFIXUpdate Cerberus PRO EN X200 Cloud Distribution and Sinteso FS20 EN X200 Cloud Distribution to V4.3.5618 or later

HOTFIXUpdate Cerberus PRO EN X300 Cloud Distribution and Sinteso FS20 EN X300 Cloud Distribution to V4.3.5617 or later

HOTFIXUpdate Sinteso FS20 EN Fire Panel FC20 to MP8 SR4 or later

HOTFIXUpdate Cerberus PRO EN Fire Panel FC72x to IP8 SR4 or later

CVEs (3)

CVE-2024-22039 CVE-2024-22040 CVE-2024-22041

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c199a19b-d787-4081-8eac-b992e2675e1b