CVE-2021-23230
CRITICALGallagher Command Centre <8.40.1888-8.00 - SQL Injection
Title source: llmDescription
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.gallagher.com/Security-Advisories/CVE-2021-23230
Scores
CVSS v3
9.9
EPSS
0.0066
EPSS Percentile
47.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (5)
gallagher/command_centre
8.10.1284
gallagher/command_centre
8.20.1259
gallagher/command_centre
8.30.1359
gallagher/command_centre
8.40.1888
gallagher/command_centre
< 8.00
Published
Jun 11, 2021
Tracked Since
Feb 18, 2026