Components affected: Command Centre Server
Version of Command Centre affected: Versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier.
Reported by: Gallagher
Active exploitation of vulnerability*: No
Description of vulnerability: An authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.
Mitigation: Limit connections to the Command Centre Server on port 4840 to only authorized workstations. Ensure only trusted operators have active operator accounts.
The following maintenance releases are now available:
- These maintenance upgrades do not require controllers or workstations to be upgraded if you have the previous MR for the version. A workstation upgrade is required if you need to access the backup functionality in the configuration client from the specific workstation. Clients that aren't upgraded will fail to open the Backup property page.
*This indicates whether Gallagher are aware of this being maliciously exploited against customer sites