CVE-2024-22383

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22383
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)), 8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383
Configurations

No configuration.

History

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383 - () https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383 -

05 Mar 2024, 13:41

Type Values Removed Values Added
Summary
  • (es) La falta de liberación de recursos después de la vida útil efectiva (CWE-772) en Controller 7000 provocó que los lectores de la Serie T conectados a HBUS no se recuperaran automáticamente después de ser atacados a través de la interfaz RS-485, lo que resultó en una denegación de servicio persistente. Este problema afecta a: Todas las variantes del Gallagher Controller 7000 9.00 anterior a vCR9.00.231204b (distribuido en 9.00.1507(MR1)), 8.90 anterior a vCR8.90.240209b (distribuido en 8.90.1751 (MR3)), 8.80 anterior a vCR8.80.240209a (distribuido en 8.80.1526 (MR4)), 8.70 antes de vCR8.70.240209a (distribuido en 8.70.2526 (MR6)).

05 Mar 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-05 03:15

Updated : 2024-11-21 08:56

NVD link : CVE-2024-22383

Mitre link : CVE-2024-22383

CVE.ORG link : CVE-2024-22383

JSON object : View

Products Affected

No product.

CWE
CWE-772

Missing Release of Resource after Effective Lifetime