CVE-2019-19802 Information

Description

In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4) v8.00 prior to v8.00.1161(MR5) v7.90 prior to v7.90.991(MR5) v7.80 prior to v7.80.960(MR2) and v7.70 or earlier an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://security.gallagher.com/cve-2019-19802

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5