NotCVE - vendor:"Gallagher" product:"Controller 6000 Firmware" version:" >= 8.70

3 results (0.002 seconds)

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-41967

https://notcve.org/view.php?id=CVE-2023-41967

18 Dec 2023 — Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier. Un atacante con conocimiento de la contraseña de diagnóstico predeterminada de Controller 6000 y acces... • https://security.gallagher.com/Security-Advisories/CVE-2023-41967 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2023-22439

https://notcve.org/view.php?id=CVE-2023-22439

18 Dec 2023 — Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2... • https://security.gallagher.com/Security-Advisories/CVE-2023-22439 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-24584 – Controller 6000 buffer overflow via upload feature in web interface

https://notcve.org/view.php?id=CVE-2023-24584

01 Jun 2023 — Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.... • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •