Sql injection

2021-06-1116:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

CPENameOperatorVersion
command_centrele8.00
command_centrege8.10
command_centrelt8.10.1284
command_centrege8.20
command_centrelt8.20.1259
command_centrege8.30
command_centrelt8.30.1359
command_centrege8.40
command_centrelt8.40.1888
command_centreeq8.20.1259

Name	Operator	Version
command_centre	le	8.00
command_centre	ge	8.10
command_centre	lt	8.10.1284
command_centre	ge	8.20
command_centre	lt	8.20.1259
command_centre	ge	8.30
command_centre	lt	8.30.1359
command_centre	ge	8.40
command_centre	lt	8.40.1888
command_centre	eq	8.20.1259