CVE-2020-11643 : Security Advisory and Response
Learn about CVE-2020-11643, an information disclosure vulnerability in B&R GateManager versions allowing authenticated users to view information from devices in foreign domains. Find mitigation steps and preventive measures here.
An information disclosure vulnerability in B&R GateManager versions allows authenticated users to view information of devices belonging to foreign domains.
Understanding CVE-2020-11643
This CVE involves an information disclosure vulnerability in B&R GateManager versions.
What is CVE-2020-11643?
CVE-2020-11643 is an information disclosure vulnerability in B&R GateManager versions that enables authenticated users to access information from devices in other domains.
The Impact of CVE-2020-11643
The vulnerability has a CVSS base score of 6.5, with high confidentiality impact and low privileges required for exploitation.
Technical Details of CVE-2020-11643
This section provides technical details of the vulnerability.
Vulnerability Description
The vulnerability allows authenticated users to view information from devices in foreign domains.
Affected Systems and Versions
- Product: GateManager
- Vendor: B&R
- Affected Versions:
- GateManager 4260 and 9250 versions <9.0.20262
- GateManager 8250 versions <9.2.620236042
Exploitation Mechanism
The vulnerability can be exploited by authenticated users to access information from devices in other domains.
Mitigation and Prevention
Protect your systems from CVE-2020-11643 with the following steps:
Immediate Steps to Take
- Update GateManager to versions 9.0.20262 or higher for 4260 and 9250, and 9.2.620236042 or higher for 8250.
- Monitor and restrict user access to sensitive information.
Long-Term Security Practices
- Regularly review and update access controls.
- Conduct security training for users to prevent unauthorized access.
Patching and Updates
- Apply security patches provided by B&R to address the vulnerability.