CVE-2020-11644

CVE-2020-11644 affects B&R GateManager 4260/9250 (pre-9.0.20262 and pre-9.2.620236042 respectively) and GateManager 8250 (pre-9.2.620236042). The vulnerability arises from improper authentication that allows an authenticated attacker to generate fake audit log messages, enabling information expos...

CVE-2020-11643

CVE-2020-11643 is a validated information-disclosure vulnerability in B&R GateManager 4260/9250 (<9.0.20262) and GateManager 8250 (

CVE-2020-11643 GateManager Information Disclosure Vulnerability

An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions 9.0.20262 and GateManager 8250 versions 9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains...

B&R Automation SiteManager and GateManager

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Industrial Automation GmbH Equipment: SiteManager and GateManager Vulnerabilities: Path Traversal, Uncontrolled Resource Consumption, Information Exposure, Improper Authentication, Information...

CVE-2020-14512

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords...

CVE-2020-14500

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

CVE-2020-14510

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...

CVE-2020-14508

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition...

CVE-2020-14512

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords...

CVE-2020-14510

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...

CVE-2020-14500

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

Race condition

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition...

Hardcoded credentials

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...

Design/Logic Flaw

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords...

Code injection

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

CVE-2020-14512

CVE-2020-14512 affects Secomea GateManager (versions prior to 9.2c) due to use of a weak password hash, potentially allowing an attacker to view user passwords. Affected firmware patches exist (GateManager 9.2c/9.2i); apply the latest update to mitigate. CISA ICS advisory confirms the vulnerabili...

CVE-2020-14512 USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords...

CVE-2020-14510 OFF-BY-ONE ERROR CWE-193

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...

CVE-2020-14510

GateManager (Secomea) VPN server is affected by CVE-2020-14510 due to a hard-coded telnet credential, allowing an unprivileged attacker to execute commands as root. Affected: GateManager versions prior to 9.2c. Mitigation/remediation: update to 9.2c (or newer, per advisories) and apply provided p...

CVE-2020-14508 OFF-BY-ONE ERROR CWE-193

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition...