CVE-2019-12492

 

Severity: Critical
Components affected: Command Centre Server
Versions of Command Centre affected: v8.00 prior to v8.00.1128(MR4), v7.90 prior to v7.90.961(MR4), v7.80 prior to v7.80.939(MR1), and v7.70 or earlier.
Reported by: Gallagher
Active exploitation of vulnerability*: No
Description of vulnerability: Incorrect authorization of requests, resulting in arbitrary event creation and information disclosure via the FT Command Centre and FT Controller services.
Mitigation: If the Configuration Client interface and DCOM are blocked on the server, then this cannot be remotely exploited.
Maintenance releases are now available for:
v8.00 prior to v8.00.1128(MR4), v7.90 prior to v7.90.961(MR4), v7.80 prior to v7.80.939(MR1)

Important notes:

  • These maintenance upgrades do not require controllers to be upgraded.
  • Any sites using OPC Bridge will need to apply the vOB7.00.003 patch to use OPC Bridge with these maintenance releases. Please contact your Gallagher Representative for further information.
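
A version triage check against the affected ranges listed above, as an added example that is not Gallagher's own tooling. It assumes version strings shaped like the advisory's `v8.00.1128(MR4)`; the hostnames and build numbers in the sample inventory are constructed.

```python
import re

# Fixed build per branch, taken from the advisory text.
FIXED_BUILD = {(8, 0): 1128, (7, 90): 961, (7, 80): 939}
# "v7.70 or earlier" is affected; the advisory lists no fixed build for it.
LAST_UNFIXED_BRANCH = (7, 70)

# Assumed string shape, modelled on the advisory: v8.00.1128(MR4)
VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d{2})\.(\d+)\s*(?:\(MR\d+\))?\s*$", re.IGNORECASE
)


def triage(version):
    """Classify one Command Centre version string against CVE-2019-12492."""
    m = VERSION_RE.match(version)
    if not m:
        return "unknown"  # unparseable: review by hand, never assume safe
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch <= LAST_UNFIXED_BRANCH:
        return "affected"  # no maintenance release listed for these
    if branch in FIXED_BUILD:
        return "affected" if build < FIXED_BUILD[branch] else "fixed"
    return "not-listed"  # branch the advisory does not mention


def triage_inventory(servers):
    """Map {hostname: version string} to {hostname: status}."""
    return {host: triage(ver) for host, ver in servers.items()}


# Constructed sample inventory (hostnames and builds are illustrative only).
SAMPLE = {
    "cc-prod-01": "v8.00.1128(MR4)",
    "cc-prod-02": "v8.00.1100",
    "cc-site-b": "7.90.961",
    "cc-site-c": "v7.80.900",
    "cc-legacy": "v7.70.500",
    "cc-odd": "8.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:18} {status}")
```

Servers reported as `affected` on v7.70 or earlier have no maintenance release in this advisory, so the DCOM and Configuration Client blocking mitigation is the only listed control for them.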

 

*This indicates whether Gallagher are aware of this being actively exploited against customer sites.