Lucene search
K

59 matches found

CVE
CVE
added 2024/07/11 2:38 a.m.50 views

CVE-2024-23485

CVE-2024-23485 affects Gallagher Controller 6000 and 7000. Root cause: improper preservation of hardware configuration state during a power save/restore operation, which can cause Aperio-connected door locks to momentarily allow free access. Affected versions span 8.60 and prior; 8.70 prior to vC...

4.6CVSS4.9AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

Gallagher Controller 6000 and Gallagher Controller 7000 Security Vulnerabilities

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand.The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

6.8CVSS6.4AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.5 views

Gallagher Controller 6000 and Gallagher Controller 7000 Security Vulnerabilities

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand.The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

4.6CVSS6.8AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.5 views

Gallagher Controller 6000 and Gallagher Controller 7000 Security Vulnerabilities

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand.The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

6.3CVSS7.5AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2024/03/05 3:15 a.m.31 views

CVE-2024-22383

Missing release of resource after effective lifetime CWE-772 in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...

6.2CVSS6.2AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/05 3:12 a.m.35 views

CVE-2024-22383

Missing release of resource after effective lifetime CWE-772 in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...

6.2CVSS6.4AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2024/03/05 3:12 a.m.73 views

CVE-2024-22383

CVE-2024-22383 concerns the Gallagher Controller 7000. A missing resource release after its effective lifetime (CWE-772) causes HBUS-connected T-Series readers to fail to recover after an RS-485 attack, yielding a persistent denial of service. Affected are all Controller 7000 variants with versio...

6.2CVSS6.2AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.5 views

Gallagher Controller 7000 Security Vulnerability

The Gallagher Controller 7000 is a powerful network connectivity controller from Gallagher of New Zealand. A security vulnerability exists in the Gallagher Controller 7000 that stems from a lack of resource release that prevents automatic recovery after an attack on the RS-485 interface, resultin...

6.2CVSS6.7AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 2023/12/18 10:15 p.m.41 views

CVE-2023-6355

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b distributed in 9.00.1507 MR1, 8.90 prior to vCR8.90.231204a distributed in...

6.8CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 10:15 p.m.7 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

4.6CVSS5.8AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.31 views

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

8.8CVSS0.00606EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.23 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

4.6CVSS0.00311EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.24 views

CVE-2023-22439

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface Port 80 can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a...

4.3CVSS0.00512EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 10:15 p.m.7 views

CVE-2023-22439

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface Port 80 can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a...

4.3CVSS5.8AI score0.00512EPSS
Exploits0References1
Prion
Prion
added 2023/12/18 10:15 p.m.15 views

Format string

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

6.8CVSS7AI score0.00606EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/18 10:15 p.m.22 views

Design/Logic Flaw

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b distributed in 9.00.1507 MR1, 8.90 prior to vCR8.90.231204a distributed in...

4.6CVSS6.9AI score0.00353EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/18 10:0 p.m.32 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

2.4CVSS4.9AI score0.00311EPSS
Exploits0References1
CVE
CVE
added 2023/12/18 10:0 p.m.57 views

CVE-2023-41967

Affected product and versions: Gallagher Controller 6000, versions 8.60 or earlier, and 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 MR5). Root cause / description: Sensitive information is not cleared after a debug or power state transition, allowing an attacker with knowledge of the ...

4.6CVSS4.6AI score0.00311EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/18 10:0 p.m.25 views

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

7.5CVSS8.8AI score0.00606EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/18 9:58 p.m.21 views

CVE-2023-22439

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface Port 80 can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a...

3.1CVSS5AI score0.00512EPSS
Exploits0References1
Rows per page
Query Builder