CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-16103
https://notcve.org/view.php?id=CVE-2020-16103
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. Una confusión de tipos en Gallagher Command Center Server, permite a un atacante remoto bloquear el servidor o posiblemente causar una ejecución de código remota. Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236 (MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211(MR5); versión 8.00 y versiones anteriores. • https://security.gallagher.com/Security-Advisories/CVE-2020-16103 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.2EPSS: 0%CPEs: 13EXPL: 0CVE-2020-16102
https://notcve.org/view.php?id=CVE-2020-16102
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. Una vulnerabilidad de autenticación inapropiada en Gallagher Command Center Server, permite a un atacante remoto no autenticado crear elementos con una configuración no válida, causando potencialmente que el servidor se bloquee y que no vuelva a reiniciar. Este problema afecta a: Gallagher Command Centre versiones 8.30 anteriores a 8.30.1299(MR2); versiones 8.20 anteriores a 8.20.1218(MR4); versiones 8.10 anteriores a 8.10.1253(MR6); versiones 8.00 anteriores a 8.00.1252(MR7); versión 7.90 y anteriores • https://security.gallagher.com/Security-Advisories/CVE-2020-16102 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 8.2EPSS: 0%CPEs: 13EXPL: 0CVE-2020-16104
https://notcve.org/view.php?id=CVE-2020-16104
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. Una vulnerabilidad de inyección SQL en Enterprise Data Interface de Gallagher Command Centre, permite a un atacante remoto con privilegio de "Edit Enterprise Data Interfaces" ejecutar un SQL arbitrario contra una base de datos de terceros si EDI está configurado para importar datos de esta base de datos. Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236(MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211 (MR5); versiones 8.00 anteriores a 8.00.1228(MR6); versión 7.90 y versiones anteriores. • https://security.gallagher.com/Security-Advisories/CVE-2020-16104 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7215
https://notcve.org/view.php?id=CVE-2020-7215
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. Se detectó un problema en Gallagher Command Center versiones 7.x anteriores a 7.90.991(MR5), versiones 8.00 anteriores a 8.00.1161(MR5) y versiones 8.10 anteriores a 8.10.1134(MR4). Los datos de configuración del sistema externo (utilizados para integraciones de terceros, tales como los sistemas DVR) fueron registrados en el registro de eventos de Command Centre. • https://security.gallagher.com/cve-2020-7215 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-19802
https://notcve.org/view.php?id=CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. En Gallagher Command Center Server versiones v8.10 anteriores a v8.10.1134(MR4), versiones v8.00 anteriores a v8.00.1161(MR5), versiones v7.90 anteriores a v7.90.991(MR5), versiones v7.80 anteriores a v7.80.960(MR2) y versión v7.70 o anteriores, un usuario autenticado que conecta con OPCUA puede visualizar todos los datos que se replicarían en una configuración multiservidor sin ser aplicadas comprobaciones de privilegios. • https://security.gallagher.com/cve-2019-19802 • CWE-862: Missing Authorization •