CVE-2020-11646 – GateManager Log Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-11646
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. Una vulnerabilidad de divulgación de información de registro en B&R GateManager 4260 y 9250 versiones anteriores a 9.0.20262 y GateManager 8250 versiones anteriores a 9.2.620236042, permite a usuarios autenticados visualizar información del registro reservada para otros usuarios • https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03 https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2020-11645 – GateManager Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-11645
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. Una vulnerabilidad de denegación de servicio en B&R GateManager 4260 y 9250 versiones anteriores a 9.0.20262 y GateManager 8250 versiones anteriores a 9.2.620236042, permite a usuarios autenticados limitar la disponibilidad de instancias de GateManager • https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03 https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-11642 – SiteManager Denial of Service via Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-11642
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. Una vulnerabilidad de inclusión de archivos locales presente en B&R SiteManager versiones anteriores a 9.2.620236042, permite a usuarios autenticados impactar la disponibilidad de las instancias de SiteManager • https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03 https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf • CWE-552: Files or Directories Accessible to External Parties •
CVE-2020-11641 – SiteManager Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-11641
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. Una vulnerabilidad de inclusión de archivos locales de B&R SiteManager versiones anteriores a 9.2.620236042, permite a usuarios autenticados leer archivos confidenciales desde instancias de SiteManager • https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03 https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf • CWE-552: Files or Directories Accessible to External Parties •
CVE-2020-11644 – GateManager Audit Message Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-11644
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. Una vulnerabilidad de divulgación de información presente en B&R GateManager 4260 y 9250 versiones anteriores a 9.0.20262 y GateManager 8250 versiones anteriores a 9.2.620236042, permite a usuarios autenticados generar mensajes de registro de auditoría falsos • https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03 https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf • CWE-117: Improper Output Neutralization for Logs •