Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for HBUS Devices by Gallagher

    CVE-2025-52457 (GCVE-0-2025-52457)

    Vulnerability from nvd – Published: 2025-11-18 03:25 – Updated: 2025-11-19 16:49
    VLAI
    Summary
    Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Gallagher HBUS Devices Affected: 0 , ≤ 9.00 (custom)
    Affected: 9.30 , < vCR9.30.251028a (custom)
    Affected: 9.20 , < vCR9.20.251028a (custom)
    Affected: 9.10 , < vCR9.10.251028a (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T15:04:04.821385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T16:49:38.128Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HBUS Devices",
              "vendor": "Gallagher",
              "versions": [
                {
                  "lessThanOrEqual": "9.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "vCR9.30.251028a",
                  "status": "affected",
                  "version": "9.30",
                  "versionType": "custom"
                },
                {
                  "lessThan": "vCR9.20.251028a",
                  "status": "affected",
                  "version": "9.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "vCR9.10.251028a",
                  "status": "affected",
                  "version": "9.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eObservable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. \u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre Server:\n\n9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)),\u0026nbsp;all versions of 9.00 and prior.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. \n\nThis issue affects Command Centre Server:\n\n9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)),\u00a0all versions of 9.00 and prior."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-208",
                  "description": "CWE-208 Observable Timing Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T03:25:57.696Z",
            "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
            "shortName": "Gallagher"
          },
          "references": [
            {
              "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-52457"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
        "assignerShortName": "Gallagher",
        "cveId": "CVE-2025-52457",
        "datePublished": "2025-11-18T03:25:57.696Z",
        "dateReserved": "2025-06-17T02:18:59.272Z",
        "dateUpdated": "2025-11-19T16:49:38.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52457 (GCVE-0-2025-52457)

    Vulnerability from cvelistv5 – Published: 2025-11-18 03:25 – Updated: 2025-11-19 16:49
    VLAI
    Summary
    Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Gallagher HBUS Devices Affected: 0 , ≤ 9.00 (custom)
    Affected: 9.30 , < vCR9.30.251028a (custom)
    Affected: 9.20 , < vCR9.20.251028a (custom)
    Affected: 9.10 , < vCR9.10.251028a (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T15:04:04.821385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T16:49:38.128Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HBUS Devices",
              "vendor": "Gallagher",
              "versions": [
                {
                  "lessThanOrEqual": "9.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "vCR9.30.251028a",
                  "status": "affected",
                  "version": "9.30",
                  "versionType": "custom"
                },
                {
                  "lessThan": "vCR9.20.251028a",
                  "status": "affected",
                  "version": "9.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "vCR9.10.251028a",
                  "status": "affected",
                  "version": "9.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eObservable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. \u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre Server:\n\n9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)),\u0026nbsp;all versions of 9.00 and prior.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. \n\nThis issue affects Command Centre Server:\n\n9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)),\u00a0all versions of 9.00 and prior."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-208",
                  "description": "CWE-208 Observable Timing Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T03:25:57.696Z",
            "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
            "shortName": "Gallagher"
          },
          "references": [
            {
              "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-52457"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
        "assignerShortName": "Gallagher",
        "cveId": "CVE-2025-52457",
        "datePublished": "2025-11-18T03:25:57.696Z",
        "dateReserved": "2025-06-17T02:18:59.272Z",
        "dateUpdated": "2025-11-19T16:49:38.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }