CVE-2021-23230

9.9 CRITICAL

📋 TL;DR

A SQL injection vulnerability in the OPCUA interface of Gallagher Command Centre allows remote unprivileged operators to modify databases undetected. This affects Gallagher Command Centre versions 8.40 prior to 8.40.1888 (MR3), 8.30 prior to 8.30.1359 (MR3), 8.20 prior to 8.20.1259 (MR5), 8.10 prior to 8.10.1284 (MR7), and version 8.00 and prior.

💻 Affected Systems

Products:
  • Gallagher Command Centre
Versions: 8.40 prior to 8.40.1888 (MR3), 8.30 prior to 8.30.1359 (MR3), 8.20 prior to 8.20.1259 (MR5), 8.10 prior to 8.10.1284 (MR7), 8.00 and prior versions
Operating Systems: Not specified, likely Windows-based
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Command Centre Operator access, but no special privileges needed. OPCUA interface must be enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Command Centre databases leading to unauthorized access control modifications, data destruction, or system takeover.

🟠 Likely Case

Unauthorized database modifications affecting access control systems, potentially granting physical access to restricted areas.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, but still poses significant risk to database integrity.

🌐 Internet-Facing: HIGH if OPCUA interface is exposed to internet, as SQL injection can be exploited remotely.
🏢 Internal Only: HIGH as unprivileged operators can exploit this vulnerability from within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with basic knowledge. Exploitation requires operator credentials but no special privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.40.1888 (MR3), 8.30.1359 (MR3), 8.20.1259 (MR5), 8.10.1284 (MR7)

Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2021-23230

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Gallagher support portal.
2. Back up the Command Centre databases.
3. Apply the patch following Gallagher documentation.
4. Restart Command Centre services.
5. Verify the version update.

🔧 Temporary Workarounds

Disable OPCUA Interface

Applies to: all

Temporarily disable the OPCUA interface if not required for operations.

Specific commands depend on Gallagher Command Centre configuration. Consult Gallagher documentation for OPCUA interface disable procedures.

Network Segmentation

Applies to: all

Restrict access to Command Centre OPCUA interface to only authorized systems.

Configure firewall rules to limit access to Command Centre server on OPCUA ports (typically 4840/tcp).

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Command Centre from untrusted networks.
  • Enable detailed logging and monitoring of database access and OPCUA interface activity.

🔍 How to Verify

Check if Vulnerable:

Check the Command Centre version in the administration interface. If the version is 8.40 prior to 8.40.1888, 8.30 prior to 8.30.1359, 8.20 prior to 8.20.1259, 8.10 prior to 8.10.1284, or 8.00 or earlier, the system is vulnerable.

Check Version:

Check version in Gallagher Command Centre administration interface or consult Gallagher documentation for version check commands.

Verify Fix Applied:

Verify Command Centre version is updated to 8.40.1888 (MR3), 8.30.1359 (MR3), 8.20.1259 (MR5), 8.10.1284 (MR7) or later.
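The version thresholds above, turned into a small triage script so an inventory of Command Centre servers can be classified consistently. This is an added example, not part of the advisory or any Gallagher tooling; it assumes versions are reported as "major.minor.build" (e.g. 8.40.1500) and the host list is constructed.

```python
"""Classify Gallagher Command Centre versions against the CVE-2021-23230 fix levels."""

# First fixed build per affected branch, taken from the advisory text.
FIXED_BUILDS = {
    (8, 40): 1888,  # 8.40.1888 (MR3)
    (8, 30): 1359,  # 8.30.1359 (MR3)
    (8, 20): 1259,  # 8.20.1259 (MR5)
    (8, 10): 1284,  # 8.10.1284 (MR7)
}
# "8.00 and prior versions" have no fixed build: every build is affected.
LAST_UNFIXED_BRANCH = (8, 0)


def parse_version(text):
    """Split 'major.minor[.build]' into ints; build is None when absent."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    build = nums[2] if len(nums) > 2 else None
    return nums[0], nums[1], build


def assess(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    major, minor, build = parse_version(text)
    branch = (major, minor)
    if branch <= LAST_UNFIXED_BRANCH:
        return "vulnerable"          # 8.00 and earlier: no patched build exists
    if branch not in FIXED_BUILDS:
        return "unknown"             # branch not covered by the advisory
    if build is None:
        return "unknown"             # branch alone cannot decide; need the build
    return "vulnerable" if build < FIXED_BUILDS[branch] else "fixed"


def triage(inventory):
    """Group {hostname: version} into {status: [hostnames]} for follow-up."""
    groups = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        groups[assess(version)].append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"cc-site-a": "8.40.1500", "cc-site-b": "8.40.1888",
              "cc-site-c": "8.20.1258", "cc-legacy": "7.90.200",
              "cc-site-d": "8.50.100"}
    for status, hosts in triage(sample).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```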

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed OPCUA authentication attempts
  • Unexpected database modifications from operator accounts

Network Indicators:

  • Unusual traffic patterns to OPCUA port (typically 4840/tcp)
  • SQL injection patterns in network traffic

SIEM Query:

Example: 'source="command_centre_logs" AND (sql_injection OR unusual_query OR database_modification)'
