NVD Vulnerability Detail

CVE-2021-23230

Summary	A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
Publication Date	June 12, 2021, 1:15 a.m.
Registration Date	June 12, 2021, 2:01 p.m.
Last Update	Nov. 21, 2024, 2:51 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gallagher:command_centre::::::::		8.00
cpe:2.3:a:gallagher:command_centre::::::::	8.10			8.10.1284
cpe:2.3:a:gallagher:command_centre::::::::	8.20			8.20.1259
cpe:2.3:a:gallagher:command_centre::::::::	8.30			8.30.1359
cpe:2.3:a:gallagher:command_centre::::::::	8.40			8.40.1888
cpe:2.3:a:gallagher:command_centre:8.20.1259:-::::::
cpe:2.3:a:gallagher:command_centre:8.10.1284:-::::::
cpe:2.3:a:gallagher:command_centre:8.30.1359:-::::::
cpe:2.3:a:gallagher:command_centre:8.40.1888:-::::::

Related information, measures and tools

No	URL	refsource	タグ
1	https://security.gallagher.com/Security-Advisories/CVE-2021-23230		Vendor Advisory
2	https://security.gallagher.com/Security-Advisories/CVE-2021-23230		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html

JVN Vulnerability Information

Gallagher Command Centre における SQL インジェクションの脆弱性

Title	Gallagher Command Centre における SQL インジェクションの脆弱性
Summary	Gallagher Command Centre には、SQL インジェクションの脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 11, 2021, midnight
Registration Date	March 7, 2022, 1:29 p.m.
Last Update	March 7, 2022, 1:29 p.m.

Affected System

Gallagher Group Limited

Command Centre 8.20.1259 (MR5) 未満の 8.20

Command Centre 8.30.1359 (MR3) 未満の 8.30

Command Centre 8.40.1888 (MR3) 未満の 8.40

Command Centre 8.00 およびそれ以前

Command Centre 8.10.1284 (MR7) 未満の 8.10

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-23230	https://www.cve.org/CVERecord?id=CVE-2021-23230
Gallagher Security
2	CVE-2021-23230	https://security.gallagher.com/Security-Advisories/CVE-2021-23230
National Vulnerability Database (NVD)
3	CVE-2021-23230	https://nvd.nist.gov/vuln/detail/CVE-2021-23230

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-89	https://jvndb.jvn.jp/ja/cwe/CWE-89.html

Change Log

No	Changed Details	Date of change
1	[2022年03月07日] 掲載	March 7, 2022, 1:29 p.m.