14 matches found
EUVD-2023-28599
Malicious code in bioql PyPI...
EUVD-2024-19944
Malicious code in bioql PyPI...
CVE-2024-24972
Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off)...
PT-2024-20682 · Gallagher · Controller 6000 +1
Name of the Vulnerable Software and Affected Versions: Controller 6000 and Controller 7000 versions 8.70 and prior Controller 6000 and Controller 7000 versions 8.80 through 8.80.1938 MR6 Controller 6000 and Controller 7000 versions 8.90 through 8.90.2155 MR5 Controller 6000 and Controller 7000...
CVE-2024-22387
External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher...
Gallagher Controller 6000 and Gallagher Controller 7000 Security Vulnerabilities
The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand. The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...
PT-2024-19380 · Gallagher · Gallagher Controller 6000 +1
Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 and 7000 versions 8.60 and prior Gallagher Controller 6000 and 7000 versions 8.70 prior to vCR8.70.240520a Gallagher Controller 6000 and 7000 versions 8.80 prior to vCR8.80.240520a Gallagher Controller 6000 and 7000...
CVE-2023-22439
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a...
Format string
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...
CVE-2023-24590
CVE-2023-24590 describes a format-string vulnerability in Gallagher Controller 6000’s optional diagnostic web interface. The issue allows write/read access to memory and can crash the device, potentially causing a Denial of Service. Affected are Gallagher Controller 6000 versions 8.60 prior to vC...
Gallagher Controller 6000 Input Validation Error Vulnerability
The Gallagher Controller 6000 is an interface between the Gallagher Command Center server and distributed field hardware from Gallagher New Zealand. An input validation error vulnerability exists in the Gallagher Controller 6000, Controller 7000, which stems from the diagnostic web interface...
PT-2023-19694 · Gallagher · Gallagher Controller 6000
Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 versions 8.50 and prior Gallagher Controller 6000 versions 8.60 prior to vCR8.60.231116a Description: A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from...
CVE-2023-24584
Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior...
PT-2023-19692 · Unknown · Controller 6000
Name of the Vulnerable Software and Affected Versions: Controller 6000 versions prior to vCR8.80.230201a Controller 6000 versions prior to vCR8.70.230201a Controller 6000 versions prior to vCR8.60.230201b Controller 6000 versions prior to vCR8.50.230201a Controller 6000 versions vCR8.40 and prior...