CVE-2024-22383

MEDIUM

Gallagher Controller 7000 <9.00.231204b-8.80.240209a - DoS

Title source: llm

Description

Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)), 8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).

References (1)

[Various Sources] https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383

Scores

CVSS v3 6.2

EPSS 0.0004

EPSS Percentile 11.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-772

Status published

Products (4)

Gallagher/Controller 7000 8.70 - vCR8.70.240209a

Gallagher/Controller 7000 8.80 - vCR8.80.240209a

Gallagher/Controller 7000 8.90 - vCR8.90.240209b

Gallagher/Controller 7000 9.00 - vCR9.00.231204b

Published Mar 05, 2024

Tracked Since Feb 18, 2026