Gallagher Controller 7000 Improper Certificate Validation Vulnerability Allowing Denial-of-Service and Privileged Overrides

Vulnerability

A vulnerability exists in Gallagher's Controller 7000 OneLink implementation due to improper certificate validation. This issue could enable an unprivileged attacker to cause a limited denial-of-service or to perform privileged overrides during the initial configuration of the Controller. Once the Controller is connected, this vulnerability no longer poses a risk. The issue affects Controller 7000 versions 9.30 prior to vCR9.30.250624a, which was distributed in 9.30.1871 (MR1).

Impact

Exploitation of this vulnerability could lead to a limited denial-of-service or unauthorized privileged overrides during the initial configuration of the affected Controller.

Added: Jul 10, 2025, 3:20 AM
Updated: Jul 10, 2025, 3:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 3.1
exploitability: 6.3
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.