PT-2023-28197 · Gallagher · Gallagher Controller 6000

Published: 2023-12-18 · Updated: 2024-01-05 · CVE-2023-41967

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gallagher Controller 6000 versions 8.60 or earlier
Gallagher Controller 6000 versions 8.70 prior to vCR8.70.231204a

Description

Sensitive information is not properly cleared after a debug or power state transition in the Controller 6000. This could be exploited by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller, allowing them to view the configuration through the diagnostic web pages.

Recommendations

For versions 8.60 or earlier, update to a version later than vCR8.70.231204a.
For versions 8.70 prior to vCR8.70.231204a, update to vCR8.70.231204a or later, which is distributed in 8.70.2375 (MR5).

Related Identifiers

CVE-2023-41967

Affected Products

Gallagher Controller 6000