VYPR

Command Centre Server

by Gallagher

CVEs (50)

  • CVE-2025-47699 | Critical | Oct 23, 2025
    risk 0.64 | cvss 9.9 | epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre…

  • CVE-2021-23230 | Critical | Jun 11, 2021
    risk 0.64 | cvss 9.9 | epss 0.01

    A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions…

  • CVE-2021-23140 | Critical | Jun 11, 2021
    risk 0.64 | cvss 9.9 | epss 0.01

    Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359…

  • CVE-2020-16098 | Critical | Sep 15, 2020
    risk 0.64 | cvss 9.8 | epss 0.01

    It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90…

  • CVE-2020-16096 | Critical | Sep 15, 2020
    risk 0.64 | cvss 9.9 | epss 0.01

    In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is)…

  • CVE-2019-15294 | Critical | Aug 28, 2019
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the…

  • CVE-2024-21815 | Critical | Mar 5, 2024
    risk 0.59 | cvss 9.1 | epss 0.00

    Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751…

  • CVE-2024-41724 | High | Mar 10, 2025
    risk 0.57 | cvss 8.7 | epss 0.00

    Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.

  • CVE-2020-16103 | High | Dec 14, 2020
    risk 0.57 | cvss 8.8 | epss 0.02

    Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior…

  • CVE-2024-42407 | High | Dec 12, 2024
    risk 0.55 | cvss 8.5 | epss 0.00

    Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre…

  • CVE-2026-25193 | High | May 25, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network…

  • CVE-2022-26348 | High | Jul 6, 2022
    risk 0.53 | cvss 8.2 | epss 0.00

    Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has…

  • CVE-2021-23193 | High | Nov 18, 2021
    risk 0.53 | cvss 8.1 | epss 0.01

    Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to…

  • CVE-2021-23167 | High | Nov 18, 2021
    risk 0.53 | cvss 8.1 | epss 0.00

    Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063…

  • CVE-2021-23205 | High | Jun 11, 2021
    risk 0.53 | cvss 8.1 | epss 0.01

    Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30…

  • CVE-2021-23204 | High | Jun 11, 2021
    risk 0.53 | cvss 8.1 | epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions…

  • CVE-2020-16104 | High | Dec 14, 2020
    risk 0.53 | cvss 8.2 | epss 0.01

    SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This…

  • CVE-2024-43690 | High | Sep 11, 2024
    risk 0.52 | cvss 8.0 | epss 0.01

    Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530…

  • CVE-2023-22428 | High | Jul 24, 2023
    risk 0.49 | cvss 7.6 | epss 0.00

    Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to…

  • CVE-2020-16101 | High | Sep 15, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of…

Page 1 of 3