Lucene search

ABBCVE-2020-11645

HistoryOct 15, 2020 - 3:15 p.m.

CVE-2020-11645

2020-10-1515:15:11

CWE-400

ABB

web.nvd.nist.gov

denial of service

vulnerability

b&r gatemanager

security

nvd

cve-2020-11645

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.

Affected configurations

Nvd

Node

br-automationgatemanager_9250_firmwareRange<9.0.20262

AND

br-automationgatemanager_9250Match-

Node

br-automationgatemanager_4260_firmwareRange<9.0.20262

AND

br-automationgatemanager_4260Match-

Node

br-automationgatemanager_8250_firmwareRange<9.2.620236042

AND

br-automationgatemanager_8250Match-

VendorProductVersionCPE
br-automationgatemanager_9250_firmware*cpe:2.3:o:br-automation:gatemanager_9250_firmware:*:*:*:*:*:*:*:*
br-automationgatemanager_9250-cpe:2.3:h:br-automation:gatemanager_9250:-:*:*:*:*:*:*:*
br-automationgatemanager_4260_firmware*cpe:2.3:o:br-automation:gatemanager_4260_firmware:*:*:*:*:*:*:*:*
br-automationgatemanager_4260-cpe:2.3:h:br-automation:gatemanager_4260:-:*:*:*:*:*:*:*
br-automationgatemanager_8250_firmware*cpe:2.3:o:br-automation:gatemanager_8250_firmware:*:*:*:*:*:*:*:*
br-automationgatemanager_8250-cpe:2.3:h:br-automation:gatemanager_8250:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
br-automation	gatemanager_9250_firmware	*	cpe:2.3:o:br-automation:gatemanager_9250_firmware::::::::
br-automation	gatemanager_9250	-	cpe:2.3:h:br-automation:gatemanager_9250:-:::::::*
br-automation	gatemanager_4260_firmware	*	cpe:2.3:o:br-automation:gatemanager_4260_firmware::::::::
br-automation	gatemanager_4260	-	cpe:2.3:h:br-automation:gatemanager_4260:-:::::::*
br-automation	gatemanager_8250_firmware	*	cpe:2.3:o:br-automation:gatemanager_8250_firmware::::::::
br-automation	gatemanager_8250	-	cpe:2.3:h:br-automation:gatemanager_8250:-:::::::*

CNA Affected

[
  {
    "product": "GateManager",
    "vendor": "B&R",
    "versions": [
      {
        "lessThan": "9.0.20262",
        "status": "affected",
        "version": "4260",
        "versionType": "custom"
      },
      {
        "lessThan": "9.0.20262",
        "status": "affected",
        "version": "9250",
        "versionType": "custom"
      },
      {
        "lessThan": "9.2.620236042",
        "status": "affected",
        "version": "8250",
        "versionType": "custom"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-20-273-03

www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVE-2020-11645