Vulnerabilities > Gallagher > Command Centre

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-23230 SQL Injection vulnerability in Gallagher Command Centre
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected.
network
gallagher CWE-89
3.5
2020-12-14 CVE-2020-16104 SQL Injection vulnerability in Gallagher Command Centre
SQL Injection vulnerability in the Enterprise Data Interface (EDI) of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third-party database if EDI is configured to import data from this database.
network
low complexity
gallagher CWE-89
6.5
2020-12-14 CVE-2020-16103 Type Confusion vulnerability in Gallagher Command Centre
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution.
network
low complexity
gallagher CWE-843
6.5
2020-12-14 CVE-2020-16102 Missing Authentication for Critical Function vulnerability in Gallagher Command Centre
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart.
network
low complexity
gallagher CWE-306
6.4
2020-09-15 CVE-2020-16101 Out-of-bounds Read vulnerability in Gallagher Command Centre
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access.
network
low complexity
gallagher CWE-125
5.0
2020-09-15 CVE-2020-16100 Improper Resource Shutdown or Release vulnerability in Gallagher Command Centre
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections.
network
low complexity
gallagher CWE-404
5.0
2020-09-15 CVE-2020-16099 Unspecified vulnerability in Gallagher Command Centre 8.20/8.20.1093
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2), it is possible to create Guard Tour events that, when accessed via things like reporting, cause clients to temporarily hang or disconnect.
network
gallagher
3.5
2020-09-15 CVE-2020-16098 Missing Authentication for Critical Function vulnerability in Gallagher Command Centre
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), and all versions of 7.90 and earlier.
network
low complexity
gallagher CWE-306
7.5
2020-09-15 CVE-2020-16097 Unspecified vulnerability in Gallagher Command Centre
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), or v7.80 or earlier, it is possible to retrieve site keys used for securing MIFARE Plus and DESFire using debug ports on T Series readers.
local
low complexity
gallagher
2.1
2020-09-15 CVE-2020-16096 Unspecified vulnerability in Gallagher Command Centre
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), and 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment.
network
low complexity
gallagher
4.0