CVE-2020-11643 - OpenCVE

An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Br-automation	Gatemanager 8250 Gatemanager 9250 Gatemanager 9250 Firmware Gatemanager 8250 Firmware Gatemanager 4260 Gatemanager 4260 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:br-automation:gatemanager_9250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:br-automation:gatemanager_9250:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:br-automation:gatemanager_4260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:br-automation:gatemanager_4260:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:br-automation:gatemanager_8250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:br-automation:gatemanager_8250:-:*:*:*:*:*:*:*

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03	Third Party Advisory US Government Resource
https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ABB

Published: 2020-09-29T00:00:00

Updated: 2020-11-17T01:34:39

Reserved: 2020-04-08T00:00:00

Link: CVE-2020-11643

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-15T15:15:10.953

Modified: 2021-11-04T17:31:05.647

Link: CVE-2020-11643

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "GateManager", "vendor": "B&R", "versions": [{"lessThan": "9.0.20262", "status": "affected", "version": "4260", "versionType": "custom"}, {"lessThan": "9.0.20262", "status": "affected", "version": "9250", "versionType": "custom"}, {"lessThan": "9.2.620236042", "status": "affected", "version": "8250", "versionType": "custom"}]}], "datePublic": "2020-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-17T01:34:39", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"}], "source": {"discovery": "UNKNOWN"}, "title": "GateManager Information Disclosure Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@ch.abb.com", "DATE_PUBLIC": "2020-09-29T00:00:00.000Z", "ID": "CVE-2020-11643", "STATE": "PUBLIC", "TITLE": "GateManager Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GateManager", "version": {"version_data": [{"version_affected": "<", "version_name": "4260", "version_value": "9.0.20262"}, {"version_affected": "<", "version_name": "9250", "version_value": "9.0.20262"}, {"version_affected": "<", "version_name": "8250", "version_value": "9.2.620236042"}]}}]}, "vendor_name": "B&R"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf", "refsource": "MISC", "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2020-11643", "datePublished": "2020-09-29T00:00:00", "dateReserved": "2020-04-08T00:00:00", "dateUpdated": "2020-11-17T01:34:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:br-automation:gatemanager_9250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA294ABA-2C18-4EC7-95B2-E0BC4EAA4D5C", "versionEndExcluding": "9.0.20262", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:br-automation:gatemanager_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B280165-5A6D-481E-A491-D16749CD45FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:br-automation:gatemanager_4260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72CD9ABC-BCA3-453D-A26F-3C61237C9C1C", "versionEndExcluding": "9.0.20262", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:br-automation:gatemanager_4260:-:*:*:*:*:*:*:*", "matchCriteriaId": "58B4D4A1-54AB-4849-A1F5-3CDB42FF0712", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:br-automation:gatemanager_8250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06AB955E-3951-4B3E-8B9D-E5A987FDFBCE", "versionEndExcluding": "9.2.620236042", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:br-automation:gatemanager_8250:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBA1D46A-4C8F-4A1B-8708-A8F488287643", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en B&R GateManager 4260 y 9250 versiones anteriores a 9.0.20262 y GateManager 8250 versiones anteriores a 9.2.620236042, permite a usuarios autenticados visualizar informaci\u00f3n de dispositivos que pertenecen a dominios externos"}], "id": "CVE-2020-11643", "lastModified": "2021-11-04T17:31:05.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2020-10-15T15:15:10.953", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"}, {"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}