CVE-2019-19802

MEDIUM

Gallagher Command Centre < 7.70 - Authenticated Missing Authorization via OPCUA

Title source: llm
STIX 2.1

Description

In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.gallagher.com/cve-2019-19802

Scores

CVSS v3 6.5
EPSS 0.0075
EPSS Percentile 50.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (5)
gallagher/command_centre 7.80.960
gallagher/command_centre 7.90.991
gallagher/command_centre 8.00.1161
gallagher/command_centre 8.10.1134
gallagher/command_centre < 7.70
Published Jan 17, 2020
Tracked Since Feb 18, 2026