There are web application firewalls and network firewalls, but a firewall isn't really the issue here. If it's SQL injections that are the problem, the thing needed is input sanitization to ensure that SQL statements and queries can't be entered into normal input fields. Take, for example, the fields where you enter your username and password. If not properly coded, you can enter SQL commands into these fields, allowing you to see or alter databases that you shouldn't have access to. The problem is with the code itself from the manufacturer, so their developers need to go back through and change the code. Proper security configurations during the Software Development Life Cycle and periodic penetration tests of the system to look for vulnerabilities would have reduced the chances of these vulnerabilities making it into software currently in production.
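The kind of code change described above, shown as a login query built by string concatenation beside one that binds the field contents as parameters. This is an added example, not code from the original post or the affected product; the in-memory SQLite table, the sample account, the crafted field value and the function names are all constructed for illustration.

```python
import hashlib
import sqlite3


def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash TEXT)")
    salt = b"constructed-salt"  # fixed only so the example is reproducible
    digest = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000).hex()
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("alice", salt, digest))
    return db


def _digest(db, username, password):
    """Hash the submitted password with the salt stored for that username."""
    row = db.execute("SELECT salt FROM users WHERE username = ?", (username,)).fetchone()
    salt = row[0] if row else b"no-such-user"
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def login_vulnerable(db, username, password):
    """'Before': the username field is concatenated into the SQL text, so the
    database parses whatever was typed as part of the statement."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + _digest(db, username, password) + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    """'After': placeholders keep field contents as data, never as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, _digest(db, username, password))).fetchone() is not None


# Constructed input for the username field: the quote closes the string
# literal and the comment marker discards the password check that follows.
CRAFTED_USERNAME = "alice' --"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_parameterized):
        print(fn.__name__,
              "| valid login:", fn(db, "alice", "correct horse"),
              "| wrong password:", fn(db, "alice", "guess"),
              "| crafted field:", fn(db, CRAFTED_USERNAME, "guess"))
```

Both functions behave identically on ordinary input, which is why this class of bug survives functional testing; only the crafted field value separates them.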