CVE-2021-23230: SQL Injection in Gallagher Command Centre

The SQL Injection vulnerability in Gallagher Command Centre allows an attacker to inject malicious SQL code into the OPCUA interface. Successful exploitation enables an unauthenticated or low-privilege Command Centre Operator to directly manipulate the Command Centre’s databases. This could involve unauthorized modification of user accounts, access control lists, event logs, or other sensitive data. The undetected nature of the modification amplifies the risk, as malicious changes could persist without immediate detection. The potential impact extends beyond data theft to include complete system compromise, enabling attackers to gain persistent access and control over the security system. While no direct precedent exists for this specific vulnerability, SQL Injection vulnerabilities are consistently exploited to gain unauthorized access and escalate privileges, mirroring the potential impact of similar attacks.

1. Reserved2021-01-26
2. Published2021-06-11
3. Modified2024-08-03
4. EPSS updated2026-04-02

The primary mitigation for CVE-2021-23230 is to immediately upgrade Gallagher Command Centre to version 8.40.1888 (MR3) or a later patched version. If upgrading is not immediately feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement without specific knowledge of the attack patterns, restricting access to the OPCUA interface to trusted networks and users can reduce the attack surface. Regularly review and audit Command Centre database access logs for any suspicious activity. Implement stricter authentication and authorization controls for Command Centre Operators to limit the potential impact of a compromised account. After upgrading, confirm the fix by attempting to trigger the SQL injection vulnerability through the OPCUA interface and verifying that the input is properly sanitized.