{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22383", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2024-02-05T04:16:47.982Z", "datePublished": "2024-03-05T03:12:29.581Z", "dateUpdated": "2024-08-01T22:43:34.539Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Controller 7000", "vendor": "Gallagher", "versions": [{"lessThan": "vCR9.00.231204b", "status": "affected", "version": "9.00", "versionType": "custom"}, {"lessThan": "vCR8.90.240209b", "status": "affected", "version": "8.90", "versionType": "custom"}, {"lessThan": "vCR8.80.240209a", "status": "affected", "version": "8.80", "versionType": "custom"}, {"lessThan": "vCR8.70.240209a", "status": "affected", "version": "8.70", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Only sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. </span>\n\n<br>"}], "value": "\nOnly sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. \n\n\n"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. </span><br><span style=\"background-color: rgb(255, 255, 255);\"><br>This issue affects: All variants of the Gallagher Controller 7000 </span>9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),&nbsp;8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n<p></p>"}], "value": "\nMissing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. \n\nThis issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u00a08.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2024-03-05T03:12:29.581Z"}, "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22383", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:52:27.008902Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:48.693Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.539Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.539Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22383", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:52:27.008902Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.994Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gallagher", "product": "Controller 7000", "versions": [{"status": "affected", "version": "9.00", "lessThan": "vCR9.00.231204b", "versionType": "custom"}, {"status": "affected", "version": "8.90", "lessThan": "vCR8.90.240209b", "versionType": "custom"}, {"status": "affected", "version": "8.80", "lessThan": "vCR8.80.240209a", "versionType": "custom"}, {"status": "affected", "version": "8.70", "lessThan": "vCR8.70.240209a", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nMissing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. \n\nThis issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u00a08.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. </span><br><span style=\"background-color: rgb(255, 255, 255);\"><br>This issue affects: All variants of the Gallagher Controller 7000 </span>9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),&nbsp;8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime"}]}], "configurations": [{"lang": "en", "value": "\nOnly sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Only sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. </span>\n\n<br>", "base64": false}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2024-03-05T03:12:29.581Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22383", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:43:34.539Z", "dateReserved": "2024-02-05T04:16:47.982Z", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "datePublished": "2024-03-05T03:12:29.581Z", "assignerShortName": "Gallagher"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "\nMissing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. \n\nThis issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u00a08.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n\n\n"}, {"lang": "es", "value": "La falta de liberaci\u00f3n de recursos despu\u00e9s de la vida \u00fatil efectiva (CWE-772) en Controller 7000 provoc\u00f3 que los lectores de la Serie T conectados a HBUS no se recuperaran autom\u00e1ticamente despu\u00e9s de ser atacados a trav\u00e9s de la interfaz RS-485, lo que result\u00f3 en una denegaci\u00f3n de servicio persistente. Este problema afecta a: Todas las variantes del Gallagher Controller 7000 9.00 anterior a vCR9.00.231204b (distribuido en 9.00.1507(MR1)), 8.90 anterior a vCR8.90.240209b (distribuido en 8.90.1751 (MR3)), 8.80 anterior a vCR8.80.240209a (distribuido en 8.80.1526 (MR4)), 8.70 antes de vCR8.70.240209a (distribuido en 8.70.2526 (MR6))."}], "id": "CVE-2024-22383", "lastModified": "2024-11-21T08:56:09.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2024-03-05T03:15:06.470", "references": [{"source": "disclosures@gallagher.com", "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}

{}