6.2
CVE-2024-22383
- EPSS 0.17%
- Veröffentlicht 05.03.2024 03:15:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle disclosures@gallagher.com
- CVE-Watchlists
- Unerledigt
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)), 8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGallagher
≫
Produkt
Controller 7000
Default Statusunaffected
Version
9.00
Version <
vCR9.00.231204b
Status
affected
Version
8.90
Version <
vCR8.90.240209b
Status
affected
Version
8.80
Version <
vCR8.80.240209a
Status
affected
Version
8.70
Version <
vCR8.70.240209a
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.068 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosures@gallagher.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-772 Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383