Secomea GateManager
Act Now · 10 · ICS-CERT ICSA-20-210-01 · Jul 28, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Secomea GateManager contains multiple vulnerabilities (CWE-158, CWE-193, CWE-798, CWE-916) that allow remote attackers to gain remote code execution on the device with no authentication required and minimal attack complexity. The vulnerabilities affect all GateManager versions prior to 9.2c.
What this means
What could happen
An attacker could execute arbitrary code on the GateManager device and potentially compromise the remote access gateway, allowing unauthorized control over connected industrial networks or disruption of secure remote management functionality for critical infrastructure.
Who's at risk
Water authorities, electric utilities, and other critical infrastructure operators using Secomea GateManager for secure remote access to industrial networks and control systems. This device is a remote access gateway, so compromise could affect all connected devices and operations on the network it protects.
How it could be exploited
An attacker with network access to the GateManager device (typically exposed for remote access) can send a specially crafted network request that exploits one or more of the identified vulnerabilities to execute arbitrary commands on the device without needing valid credentials.
Prerequisites
- Network access to the GateManager device
- Device reachable from attacker's network (often on external-facing segment)
- No authentication required
- remotely exploitable
- no authentication required
- low complexity
- high CVSS score (10/10)
- affects remote access gateway (critical security function)
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
GateManager: All | < 9.2c | 9.2c or later
Remediation & Mitigation
Do now
- HARDENING: Place GateManager behind a firewall and isolate it from the business network
- WORKAROUND: Restrict network access to GateManager to only authorized administrative workstations using firewall rules
- HARDENING: Implement a VPN for remote access to GateManager instead of direct Internet exposure
- HARDENING: Ensure GateManager is not directly accessible from the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade GateManager to version 9.2c or later