CVE-2024-41146

Severity: Medium: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Components affected: Controller 6000 and Controller 7000 platforms

Version of Command Centre affected:

9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.

Reported by: Gallagher Internal

Active exploitation of vulnerability*:  No

Description of vulnerability: Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve.

Mitigating factor: Ensure that all guidance regarding hardening of HBUS cable runs has been followed.

Maintenance releases are now available for:

• v9.10 - v9.10.2149 (MR4)
• v9.00 - v9.00.2374 (MR5)
• v8.90 - v8.90.2356 (MR6)

Important notes:

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.