VYPR

Command Centre Server

by Gallagher

CVEs (50)

  • CVE-2020-16100 | High | Sep 15, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections.…

  • CVE-2020-16097 | High | Sep 15, 2020
    risk 0.47 | cvss 7.3 | epss 0.00

    On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in…

  • CVE-2023-25074 | High | Jul 25, 2023
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185…

  • CVE-2021-23146 | High | Nov 18, 2021
    risk 0.46 | cvss 7.1 | epss 0.01

    An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior…

  • CVE-2020-16102 | High | Dec 14, 2020
    risk 0.46 | cvss 7.1 | epss 0.01

    Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions…

  • CVE-2025-48428 | Medium | Oct 23, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that…

  • CVE-2024-21838 | Medium | Mar 5, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774…

  • CVE-2023-22363 | Medium | Jul 25, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)

  • CVE-2021-23136 | Medium | Jun 11, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3);…

  • CVE-2019-19802 | Medium | Jan 17, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a…

  • CVE-2019-12492 | Medium | Jun 6, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.

  • CVE-2021-23211 | Medium | Jun 11, 2021
    risk 0.39 | cvss 6.0 | epss 0.00

    Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).

  • CVE-2021-23182 | Medium | Jun 11, 2021
    risk 0.39 | cvss 6.0 | epss 0.00

    Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of…

  • CVE-2025-52578 | Medium | Nov 18, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to…

  • CVE-2025-52457 | Medium | Nov 18, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a…

  • CVE-2025-48430 | Medium | Oct 23, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to…

  • CVE-2025-41402 | Medium | Oct 23, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to…

  • CVE-2025-35981 | Medium | Oct 23, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server:…

  • CVE-2025-46406 | Medium | Jul 10, 2025
    risk 0.36 | cvss 5.6 | epss 0.00

    A Privilege Context Switching Error (CWE-270) in the Command Centre Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary. This issue affects Command Centre Server: 9.30 prior to…

  • CVE-2020-7215 | Medium | Jan 20, 2020
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any…