CVE-2019-19802

EUVD-2019-9400
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
gallaghercommand_centre
𝑥
< 7.70
gallaghercommand_centre
7.80 ≤
𝑥
< 7.80.960
gallaghercommand_centre
7.90 ≤
𝑥
< 7.90.991
gallaghercommand_centre
8.00 ≤
𝑥
< 8.00.1161
gallaghercommand_centre
8.10 ≤
𝑥
< 8.10.1134
gallaghercommand_centre
7.80.960
gallaghercommand_centre
7.90.991
gallaghercommand_centre
8.00.1161
gallaghercommand_centre
8.10.1134
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.gallagher.com/cve-2019-19802
https://security.gallagher.com/cve-2019-19802