CVE-2020-11644

MEDIUM

Br-automation Gatemanager 9250 Firmware - Information Disclosure

Title source: rule

Description

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.

References (2)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03

[Vendor Advisory] https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf

Scores

CVSS v3 6.5

EPSS 0.0023

EPSS Percentile 45.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-117

Status published

Affected Products (3)

br-automation/gatemanager_9250_firmware < 9.0.20262

br-automation/gatemanager_4260_firmware < 9.0.20262

br-automation/gatemanager_8250_firmware < 9.2.620236042

Timeline

Published Oct 15, 2020

Tracked Since Feb 18, 2026