CVE-2024-41146

Summary

Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve.

This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.

Affected Software

VendorProductVersion RangeStatus
GallagherController 6000 and Controller 70000 <= 8.80affected
GallagherController 6000 and Controller 70009.10 < vCR9.10.241108aaffected
GallagherController 6000 and Controller 70009.00 < vCR9.00.241108aaffected
GallagherController 6000 and Controller 70008.90 < vCR8.90.241107aaffected

Weaknesses

  • CWE-694: CWE-694 Use of Multiple Resources with Duplicate Identifier

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References