Vulnerabilities > CVE-2019-19802 - Missing Authorization vulnerability in Gallagher Command Centre

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gallagher

CWE-862

NVD

Published: 2020-01-17

Updated: 2021-07-21

Summary

In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.

Vulnerable Configurations

Part	Description	Count
Application	Gallagher Gallagher Command Centre - Gallagher Command Centre 7.80 Gallagher Command Centre 7.80.939 Gallagher Command Centre 7.90 Gallagher Command Centre 7.90.0 Gallagher Command Centre 7.90.961 Gallagher Command Centre 8.10 Gallagher Command Centre 8.10.1092 Gallagher Command Centre 8.0 Gallagher Command Centre 8.00 Gallagher Command Centre 8.00.1128 Gallagher Command Centre 8.10.1134 Gallagher Command Centre 8.00.1161 Gallagher Command Centre 7.90.991 Gallagher Command Centre 7.80.960	15

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://security.gallagher.com/cve-2019-19802