CVE-2020-16101
15.09.2020, 14:15
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
Vendor | Product | Version |
---|---|---|
gallagher | command_centre | 8.00 ≤ 𝑥 < 8.00.1228 |
gallagher | command_centre | 8.10 ≤ 𝑥 < 8.10.1211 |
gallagher | command_centre | 8.20 ≤ 𝑥 < 8.20.1166 |
gallagher | command_centre | 8.00.1228 |
gallagher | command_centre | 8.10.1211 |
gallagher | command_centre | 8.20.1166 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-805 - Buffer Access with Incorrect Length Value: The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
- CWE-125 - Out-of-bounds Read: The software reads data past the end, or before the beginning, of the intended buffer.