CVE-2020-11646 - OpenCVE

A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Br-automation	Gatemanager 8250 Gatemanager 9250 Gatemanager 9250 Firmware Gatemanager 8250 Firmware Gatemanager 4260 Gatemanager 4260 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:br-automation:gatemanager_9250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:br-automation:gatemanager_9250:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:br-automation:gatemanager_4260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:br-automation:gatemanager_4260:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:br-automation:gatemanager_8250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:br-automation:gatemanager_8250:-:*:*:*:*:*:*:*

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03	Third Party Advisory US Government Resource
https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ABB

Published: 2020-09-29T00:00:00

Updated: 2020-11-17T01:35:03

Reserved: 2020-04-08T00:00:00

Link: CVE-2020-11646

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-15T15:15:11.203

Modified: 2021-11-03T20:12:46.437

Link: CVE-2020-11646

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "GateManager", "vendor": "B&R", "versions": [{"lessThan": "9.0.20262", "status": "affected", "version": "4260", "versionType": "custom"}, {"lessThan": "9.0.20262", "status": "affected", "version": "9250", "versionType": "custom"}, {"lessThan": "9.2.620236042", "status": "affected", "version": "8250", "versionType": "custom"}]}], "datePublic": "2020-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-17T01:35:03", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"}], "source": {"discovery": "UNKNOWN"}, "title": "GateManager Log Information Disclosure Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@ch.abb.com", "DATE_PUBLIC": "2020-09-29T00:00:00.000Z", "ID": "CVE-2020-11646", "STATE": "PUBLIC", "TITLE": "GateManager Log Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GateManager", "version": {"version_data": [{"version_affected": "<", "version_name": "4260", "version_value": "9.0.20262"}, {"version_affected": "<", "version_name": "9250", "version_value": "9.0.20262"}, {"version_affected": "<", "version_name": "8250", "version_value": "9.2.620236042"}]}}]}, "vendor_name": "B&R"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf", "refsource": "MISC", "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2020-11646", "datePublished": "2020-09-29T00:00:00", "dateReserved": "2020-04-08T00:00:00", "dateUpdated": "2020-11-17T01:35:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:br-automation:gatemanager_9250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA294ABA-2C18-4EC7-95B2-E0BC4EAA4D5C", "versionEndExcluding": "9.0.20262", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:br-automation:gatemanager_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B280165-5A6D-481E-A491-D16749CD45FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:br-automation:gatemanager_4260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72CD9ABC-BCA3-453D-A26F-3C61237C9C1C", "versionEndExcluding": "9.0.20262", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:br-automation:gatemanager_4260:-:*:*:*:*:*:*:*", "matchCriteriaId": "58B4D4A1-54AB-4849-A1F5-3CDB42FF0712", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:br-automation:gatemanager_8250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06AB955E-3951-4B3E-8B9D-E5A987FDFBCE", "versionEndExcluding": "9.2.620236042", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:br-automation:gatemanager_8250:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBA1D46A-4C8F-4A1B-8708-A8F488287643", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de registro en B&R GateManager 4260 y 9250 versiones anteriores a 9.0.20262 y GateManager 8250 versiones anteriores a 9.2.620236042, permite a usuarios autenticados visualizar informaci\u00f3n del registro reservada para otros usuarios"}], "id": "CVE-2020-11646", "lastModified": "2021-11-03T20:12:46.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2020-10-15T15:15:11.203", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"}, {"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}