CVE-2024-41146
📋 TL;DR
This vulnerability allows an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against devices connected to Gallagher Controller 6000 and 7000 platforms. Recovering from the attack requires a device reboot. Affected systems include Controller 6000 and 7000 running specific firmware versions.
💻 Affected Systems
- Gallagher Controller 6000
- Gallagher Controller 7000
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Physical attacker causes persistent DoS requiring manual reboot of critical access control devices, disrupting building security operations.
Likely Case
Physical intruder temporarily disables HBUS-connected devices like readers or locks, creating security gaps until reboot.
If Mitigated
With proper physical security controls, risk is minimal because the attack requires direct access to the cabling.
🎯 Exploit Status
Exploitation requires physical access to HBUS cabling but no authentication. Attack methodology involves manipulating HBUS communication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: vCR9.10.241108a (distributed in 9.10.2149 MR4), vCR9.00.241108a (distributed in 9.00.2374 MR5), vCR8.90.241107a (distributed in 8.90.2356 MR6)
Vendor Advisory: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41146
Restart Required: Yes
Instructions:
1. Download the appropriate firmware update from the Gallagher support portal.
2. Back up the current configuration.
3. Apply the firmware update via Gallagher Command Centre.
4. Reboot the controller.
5. Verify the firmware version and functionality.
🔧 Temporary Workarounds
Physical Access Control
Restrict physical access to HBUS communication cabling and controller enclosures.
Network Segmentation
Isolate controller networks from general corporate networks to limit the attack surface.
🧯 If You Can't Patch
- Implement strict physical security controls around controller rooms and cable runs
- Monitor for unexpected device reboots or HBUS communication failures
🔍 How to Verify
Check if Vulnerable:
Check firmware version in Gallagher Command Centre: System > Controllers > select controller > Firmware Version
Check Version:
No CLI command - use the Gallagher Command Centre GUI
Verify Fix Applied:
Verify firmware version matches patched versions: 9.10.2149 MR4 or higher, 9.00.2374 MR5 or higher, 8.90.2356 MR6 or higher
📡 Detection & Monitoring
Log Indicators:
- Unexpected controller reboots
- HBUS communication errors in system logs
- Device disconnection events
Network Indicators:
- Unusual HBUS traffic patterns
- Multiple device disconnections
SIEM Query:
source="gallagher-controller" AND (event_type="reboot" OR event_type="hbus_error")