CVE-2019-19802
MEDIUMGallagher Command Centre < 7.70 - Authenticated Missing Authorization via OPCUA
Title source: llmDescription
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.gallagher.com/cve-2019-19802
Scores
CVSS v3
6.5
EPSS
0.0075
EPSS Percentile
50.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (5)
gallagher/command_centre
7.80.960
gallagher/command_centre
7.90.991
gallagher/command_centre
8.00.1161
gallagher/command_centre
8.10.1134
gallagher/command_centre
< 7.70
Published
Jan 17, 2020
Tracked Since
Feb 18, 2026