VYPR

Controller 7000

by Gallagher

CVEs (7)

  • CVE-2024-22387MedJul 11, 2024
    risk 0.44cvss 6.8epss 0.00

    External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security…

  • CVE-2023-6355MedDec 18, 2023
    risk 0.44cvss 6.8epss 0.00

    Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to…

  • CVE-2025-35983MedJul 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for…

  • CVE-2024-24972MedSep 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not…

  • CVE-2024-23317MedJul 11, 2024
    risk 0.41cvss 6.3epss 0.00

    External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior…

  • CVE-2024-22383MedMar 5, 2024
    risk 0.40cvss 6.2epss 0.00

    Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects:…

  • CVE-2024-41146MedDec 12, 2024
    risk 0.30cvss 4.6epss 0.00

    Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device…