Lucene search
K

76 matches found

Cvelist
Cvelist
added 2024/07/11 2:39 a.m.16 views

CVE-2024-23317

External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...

6.3CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/11 2:38 a.m.10 views

CVE-2024-22387

External Control of Critical State Data CWE-642 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher...

6.8CVSS6.4AI score0.00306EPSS
Exploits0References1
CVE
CVE
added 2024/07/11 2:38 a.m.46 views

CVE-2024-22387

CVE-2024-22387 affects Gallagher Controller 6000 and 7000 via the diagnostic web interface. An authenticated user can externally control critical state data to modify device I/O connections, causing unexpected behavior and potentially compromising site physical security controls. Affected version...

6.8CVSS6.4AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/11 2:38 a.m.20 views

CVE-2024-23485

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...

4.6CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2024/07/11 2:38 a.m.50 views

CVE-2024-23485

CVE-2024-23485 affects Gallagher Controller 6000 and 7000. Root cause: improper preservation of hardware configuration state during a power save/restore operation, which can cause Aperio-connected door locks to momentarily allow free access. Affected versions span 8.60 and prior; 8.70 prior to vC...

4.6CVSS4.9AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

Gallagher Controller 6000 and Gallagher Controller 7000 Security Vulnerabilities

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand.The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

6.3CVSS7.5AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

Gallagher Controller 6000 and Gallagher Controller 7000 Security Vulnerabilities

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand.The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

6.8CVSS6.4AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.5 views

Gallagher Controller 6000 and Gallagher Controller 7000 Security Vulnerabilities

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand.The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

4.6CVSS6.8AI score0.00186EPSS
Exploits0References2
OSV
OSV
added 2023/12/18 10:15 p.m.6 views

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

8.8CVSS5.8AI score0.00606EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 10:15 p.m.7 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

4.6CVSS5.8AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.31 views

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

8.8CVSS0.00606EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.23 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

4.6CVSS0.00311EPSS
Exploits0References1
NVD
NVD
added 2023/12/18 10:15 p.m.24 views

CVE-2023-22439

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface Port 80 can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a...

4.3CVSS0.00512EPSS
Exploits0References1
Prion
Prion
added 2023/12/18 10:15 p.m.15 views

Format string

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

6.8CVSS7AI score0.00606EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/18 10:15 p.m.24 views

Input validation

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface Port 80 can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a...

4.3CVSS7AI score0.00512EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/12/18 10:15 p.m.17 views

Default credentials

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

2.1CVSS6.8AI score0.00311EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/18 10:0 p.m.32 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

2.4CVSS4.9AI score0.00311EPSS
Exploits0References1
CVE
CVE
added 2023/12/18 10:0 p.m.56 views

CVE-2023-41967

Affected product and versions: Gallagher Controller 6000, versions 8.60 or earlier, and 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 MR5). Root cause / description: Sensitive information is not cleared after a debug or power state transition, allowing an attacker with knowledge of the ...

4.6CVSS4.6AI score0.00311EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/18 10:0 p.m.25 views

CVE-2023-24590

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...

7.5CVSS8.8AI score0.00606EPSS
Exploits0References1
CVE
CVE
added 2023/12/18 10:0 p.m.49 views

CVE-2023-24590

CVE-2023-24590 describes a format-string vulnerability in Gallagher Controller 6000’s optional diagnostic web interface. The issue allows write/read access to memory and can crash the device, potentially causing a Denial of Service. Affected are Gallagher Controller 6000 versions 8.60 prior to vC...

8.8CVSS8.5AI score0.00606EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder