CVE-2021-23230

CRITICAL

Gallagher Command Centre <8.40.1888-8.00 - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

References (1)

Core 1
Core References

Scores

CVSS v3 9.9
EPSS 0.0066
EPSS Percentile 47.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (5)
gallagher/command_centre 8.10.1284
gallagher/command_centre 8.20.1259
gallagher/command_centre 8.30.1359
gallagher/command_centre 8.40.1888
gallagher/command_centre < 8.00
Published Jun 11, 2021
Tracked Since Feb 18, 2026