Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

gallagher command centre vulnerabilities and exploits

(subscribe to this query)
5.5
CVSSv3
CVE-2019-19801
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Cent...
Gallagher Command CentreGallagher Command Centre 7.80.960Gallagher Command Centre 7.90.991Gallagher Command Centre 8.00.1161Gallagher Command Centre 8.10.1134
4.3
CVSSv3
CVE-2021-23230
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions before 8.40.1888 (MR3); 8.30 versions be...
Gallagher Command CentreGallagher Command Centre 8.10.1284Gallagher Command Centre 8.20.1259Gallagher Command Centre 8.30.1359Gallagher Command Centre 8.40.1888
7.7
CVSSv3
CVE-2020-16096
In Gallagher Command Centre versions 8.10 before 8.10.1134(MR4), 8.00 before 8.00.1161(MR5), 7.90 before 7.90.991(MR5), 7.80 before 7.80.960(MR2), 7.70 and previous versions, any operator account has access to all data that would be replicated if the system were to be (or is) att...
Gallagher Command CentreGallagher Command Centre 7.80.960Gallagher Command Centre 7.90.991Gallagher Command Centre 8.00.1161Gallagher Command Centre 8.10.1134
8.2
CVSSv3
CVE-2020-16102
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote malicious user to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 vers...
Gallagher Command CentreGallagher Command Centre 8.00.1252Gallagher Command Centre 8.10.1253Gallagher Command Centre 8.20.1218Gallagher Command Centre 8.30.1299
7.2
CVSSv3
CVE-2020-16104
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database....
Gallagher Command CentreGallagher Command Centre 8.00.1228Gallagher Command Centre 8.10.1211Gallagher Command Centre 8.20.1166Gallagher Command Centre 8.30.1236
6.5
CVSSv3
CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-se...
Gallagher Command CentreGallagher Command Centre 7.80.960Gallagher Command Centre 7.90.991Gallagher Command Centre 8.00.1161Gallagher Command Centre 8.10.1134
4.6
CVSSv3
CVE-2020-16097
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)...
Gallagher Command CentreGallagher Command Centre 7.90.1038Gallagher Command Centre 8.00.1228Gallagher Command Centre 8.10.1211Gallagher Command Centre 8.20.1093
9.8
CVSSv3
CVE-2020-16098
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and...
Gallagher Command CentreGallagher Command Centre 8.00.1228Gallagher Command Centre 8.10.1211Gallagher Command Centre 8.20.1166Gallagher Command Centre 8.30.1236
5.5
CVSSv3
CVE-2020-7215
An issue exists in Gallagher Command Centre 7.x prior to 7.90.991(MR5), 8.00 prior to 8.00.1161(MR5), and 8.10 prior to 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any au...
Gallagher Command CentreGallagher Command Centre 7.90.991Gallagher Command Centre 8.00.1161Gallagher Command Centre 8.10.1134
7.5
CVSSv3
CVE-2020-16101
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of ...
Gallagher Command CentreGallagher Command Centre 8.00.1228Gallagher Command Centre 8.10.1211Gallagher Command Centre 8.20.1166
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook