ICSA-20-273-03 · Published 2020-09-29 · View on CISA ICS-CERT ↗

B&R Automation SiteManager and GateManager

CVSS 7.7 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow for arbitrary information disclosure, manipulation, and a denial-of-service condition.

CVE-2020-11641 CVE-2020-11642 CVE-2020-11643 CVE-2020-11644 CVE-2020-11645 CVE-2020-11646

B&R Industrial Automation reports the vulnerabilities have been fixed in the following versions: SiteManager: v9.2.620236042
B&R Industrial Automation reports the vulnerabilities have been fixed in the following versions: GateManager: 4260 and 9250 v9.0.20262
B&R Industrial Automation reports the vulnerabilities have been fixed in the following versions: GateManager: 8250 v9.2.620236042
The B&R cybersecurity webpage provides further information including cybersecurity guidelines.

B&R Industrial Automation

B&R Industrial Automation · SiteManager < 9.2.620236042

B&R Industrial Automation · GateManager 8250 < 9.2.620236042

B&R Industrial Automation · GateManager 4260 and 9250 < 9.0.20262

Chemical, Critical Manufacturing, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.