CVE-2019-12492

Severity: Critical
Components affected: Command Centre Server
Versions of Command Centre affected: v8.00 prior to v8.00.1128(MR4), v7.90 prior to v7.90.961(MR4), v7.80 prior to v7.80.939(MR1), and v7.70 or earlier.
Reported by: Gallagher
Active exploitation of vulnerability*: No
Description of vulnerability: Incorrect authorization of requests resulting in arbitrary event creation and information disclosure via the FT Command Centre and FT Controller services
Mitigation: If the Configuration Client interface and DCOM are blocked on the server then this cannot be remotely exploited.
Maintenance releases are now available for:
Versions of v8.00 prior to v8.00.1128(MR4), v7.90 prior to v7.90.961(MR4), v7.80 prior to v7.80.939(MR1)

Important notes:

  • These maintenance upgrades do not require controllers to be upgraded.
  • Any sites using OPC Bridge will need to apply the vOB7.00.003 patch to use OPC Bridge with these maintenance releases. Please contact your Gallagher Representative for further information.

*This indicates whether Gallagher is aware of this vulnerability being actively exploited against customer sites.
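The affected-version ranges above can be turned into a triage check for a server inventory. This is an added example, not Gallagher code; it assumes version strings are recorded in the form the advisory uses (such as "v8.00.1128"), and the hostnames, builds and status labels are constructed for illustration.

```python
import re

# Fixed builds per branch, copied from the advisory's affected-version line.
FIXED_BUILD = {(8, 0): 1128, (7, 90): 961, (7, 80): 939}
# "v7.70 or earlier" is affected; the advisory lists no maintenance release for it.
OLDEST_BRANCH_WITH_NO_MR = (7, 70)

# Assumed format: "v8.00.1128", optionally followed by "(MR4)".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)\s*(?:\(MR\d+\))?$", re.IGNORECASE)


def triage(version):
    """Classify one Command Centre server version string against CVE-2019-12492."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"          # never guess: send to manual review
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch <= OLDEST_BRANCH_WITH_NO_MR:
        return "affected-no-mr-listed"
    if branch in FIXED_BUILD:
        return "affected-apply-mr" if build < FIXED_BUILD[branch] else "fixed"
    return "not-listed"            # branch not covered by the advisory text


def needs_action(inventory):
    """Return {host: status} for every server that is not confirmed fixed."""
    results = {host: triage(v) for host, v in inventory.items()}
    return {h: s for h, s in results.items() if s != "fixed"}


# Constructed sample inventory (hostnames and builds are illustrative).
SAMPLE_INVENTORY = {
    "cc-srv-01": "v8.00.1128(MR4)",
    "cc-srv-02": "v8.00.1001",
    "cc-srv-03": "7.90.961",
    "cc-srv-04": "v7.80.938",
    "cc-srv-05": "v7.70.500",
    "cc-srv-06": "8.0 build ?",
}

if __name__ == "__main__":
    for host, status in sorted(needs_action(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Servers reported as "unparsed" or "not-listed" are kept in the output on purpose, so a version the advisory does not describe is reviewed by hand rather than assumed safe.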
