{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41146", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2024-08-28T02:46:11.165Z", "datePublished": "2024-12-12T01:35:38.236Z", "dateUpdated": "2024-12-12T15:19:50.478Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Controller 6000 and Controller 7000", "vendor": "Gallagher", "versions": [{"lessThanOrEqual": "8.80", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "vCR9.10.241108a", "status": "affected", "version": "9.10", "versionType": "custom"}, {"lessThan": "vCR9.00.241108a", "status": "affected", "version": "9.00", "versionType": "custom"}, {"lessThan": "vCR8.90.241107a", "status": "affected", "version": "8.90", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. <br><br>This issue affects:&nbsp;Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)),&nbsp;all versions of 8.80 and prior.\n\n</span>"}], "value": "Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. \n\nThis issue affects:\u00a0Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)),\u00a0all versions of 8.80 and prior."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-694", "description": "CWE-694 Use of Multiple Resources with Duplicate Identifier", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2024-12-12T01:35:38.236Z"}, "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-12T15:18:57.979404Z", "id": "CVE-2024-41146", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T15:19:50.478Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41146", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-12T15:18:57.979404Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T15:19:35.323Z"}}], "cna": {"source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gallagher", "product": "Controller 6000 and Controller 7000", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.80"}, {"status": "affected", "version": "9.10", "lessThan": "vCR9.10.241108a", "versionType": "custom"}, {"status": "affected", "version": "9.00", "lessThan": "vCR9.00.241108a", "versionType": "custom"}, {"status": "affected", "version": "8.90", "lessThan": "vCR8.90.241107a", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. \n\nThis issue affects:\u00a0Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)),\u00a0all versions of 8.80 and prior.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. <br><br>This issue affects:&nbsp;Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)),&nbsp;all versions of 8.80 and prior.\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-694", "description": "CWE-694 Use of Multiple Resources with Duplicate Identifier"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2024-12-12T01:35:38.236Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41146", "state": "PUBLISHED", "dateUpdated": "2024-12-12T15:19:50.478Z", "dateReserved": "2024-08-28T02:46:11.165Z", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "datePublished": "2024-12-12T01:35:38.236Z", "assignerShortName": "Gallagher"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. \n\nThis issue affects:\u00a0Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)),\u00a0all versions of 8.80 and prior."}, {"lang": "es", "value": "El uso de m\u00faltiples recursos con identificador duplicado (CWE-694) en las plataformas Controller 6000 y Controller 7000 podr\u00eda permitir que un atacante con acceso f\u00edsico al cableado de comunicaci\u00f3n HBUS realice un ataque de denegaci\u00f3n de servicio contra dispositivos conectados a HBUS, lo que requiere reiniciar el dispositivo para resolverlo. Este problema afecta a las versiones de firmware 9.10 y anteriores a vCR9.10.241108a (distribuidas en 9.10.2149 (MR4)), 9.00 y anteriores a vCR9.00.241108a (distribuidas en 9.00.2374 (MR5)), 8.90 y anteriores a vCR8.90.241107a (distribuidas en 8.90.2356 (MR6)), todas las versiones de 8.80 y anteriores."}], "id": "CVE-2024-41146", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2024-12-12T02:15:22.880", "references": [{"source": "disclosures@gallagher.com", "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-694"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}

{}

{"created": "2025-07-21T15:17:43.971549+00:00", "updated": "2025-07-21T15:17:43.971618+00:00", "vendors": ["gallagher", "gallagher$PRODUCT$controller_6000", "gallagher$PRODUCT$controller_7000"]}