Default credentials

2023-12-1822:15:00

PRIOn knowledge base

www.prio-n.com

default credentials

sensitive information

controller 6000

diagnostic password

physical access

configuration

gallagher

nvd

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.9%

JSON

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller’s default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.

This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.

CPENameOperatorVersion
controller_6000_firmwarele8.60
controller_6000_firmwarege8.70
controller_6000_firmwarelt8.70.231204

Name	Operator	Version
controller_6000_firmware	le	8.60
controller_6000_firmware	ge	8.70
controller_6000_firmware	lt	8.70.231204

References

security.gallagher.com/Security-Advisories/CVE-2023-41967