PT-2024-28678 · Unknown · Controller 6000+1

Published 2024-09-10 · Updated 2024-09-11 · CVE-2024-39808

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Controller 6000 and Controller 7000 versions 8.70 and prior
Controller 6000 and Controller 7000 versions 8.80 through 8.80.1938 (MR6)
Controller 6000 and Controller 7000 versions 8.90 through 8.90.2155 (MR5)
Controller 6000 and Controller 7000 versions 9.00 through 9.00.2168 (MR4)
Controller 6000 and Controller 7000 versions 9.10 through 9.10.1530 (MR2)

Description

The issue is related to an incorrect calculation of buffer size in the Controller 6000 and Controller 7000 OSDP message handling. This allows an attacker with physical access to the controller wiring to instigate a reboot, leading to a denial of service.

Recommendations

For versions 8.70 and prior, update to a version later than 8.70.
For versions 8.80 through 8.80.1938 (MR6), update to version 8.80.1938 (MR6) or later.
For versions 8.90 through 8.90.2155 (MR5), update to version 8.90.2155 (MR5) or later.
For versions 9.00 through 9.00.2168 (MR4), update to version 9.00.2168 (MR4) or later.
For versions 9.10 through 9.10.1530 (MR2), update to version 9.10.1530 (MR2) or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-39808

Affected Products

Controller 6000
Controller 7000