Lucene search

[email protected]CVE-2021-23230

HistoryJun 11, 2021 - 4:15 p.m.

CVE-2021-23230

2021-06-1116:15:12

CWE-89

[email protected]

web.nvd.nist.gov

cve-2021-23230

sql injection

opcua interface

gallagher command centre

vulnerability

remote attack

database modification

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

Affected configurations

NVD

Node

gallaghercommand_centreRange≤8.00

gallaghercommand_centreRange8.10–8.10.1284

gallaghercommand_centreRange8.20–8.20.1259

gallaghercommand_centreRange8.30–8.30.1359

gallaghercommand_centreRange8.40–8.40.1888

gallaghercommand_centreMatch8.10.1284-

gallaghercommand_centreMatch8.20.1259-

gallaghercommand_centreMatch8.30.1359-

gallaghercommand_centreMatch8.40.1888-

CPENameOperatorVersion
gallagher:command_centregallagher command centrele8.00
gallagher:command_centregallagher command centrelt8.10.1284
gallagher:command_centregallagher command centrelt8.20.1259
gallagher:command_centregallagher command centrelt8.30.1359
gallagher:command_centregallagher command centrelt8.40.1888

CPE	Name	Operator	Version
gallagher:command_centre	gallagher command centre	le	8.00
gallagher:command_centre	gallagher command centre	lt	8.10.1284
gallagher:command_centre	gallagher command centre	lt	8.20.1259
gallagher:command_centre	gallagher command centre	lt	8.30.1359
gallagher:command_centre	gallagher command centre	lt	8.40.1888

CNA Affected

[
  {
    "product": "Command Centre",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "8.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.40.1888 (MR3)",
        "status": "affected",
        "version": "8.40",
        "versionType": "custom"
      },
      {
        "lessThan": "8.30.1359 (MR3)",
        "status": "affected",
        "version": "8.30",
        "versionType": "custom"
      },
      {
        "lessThan": "8.20.1259 (MR5)",
        "status": "affected",
        "version": "8.20",
        "versionType": "custom"
      },
      {
        "lessThan": "8.10.1284 (MR7)",
        "status": "affected",
        "version": "8.10",
        "versionType": "custom"
      }
    ]
  }
]

References

security.gallagher.com/Security-Advisories/CVE-2021-23230

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2021-23230

nvd1 cvelist1 prion1