CVE-2023-41967

Summary

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages.

This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.

Affected Software

VendorProductVersion RangeStatus
GallagherController 60000 <= 8.60affected
GallagherController 60008.70 < vCR8.70.231204aaffected

Weaknesses

  • CWE-1272: CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition

ADP Enrichment

CVE Program Container

Additional References

References