B&R Automation SiteManager and GateManager

Plan Patch7.7ICS-CERT ICSA-20-273-03Sep 29, 2020

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

B&R Automation SiteManager and GateManager products contain multiple vulnerabilities including path traversal (CWE-22), resource exhaustion (CWE-400), sensitive information disclosure (CWE-200), and authentication bypass (CWE-287). These weaknesses allow authenticated remote attackers to disclose sensitive configuration data, manipulate device settings, and cause denial of service. All versions before the fixed versions are affected.

What this means

What could happen

An attacker with valid credentials could read sensitive configuration data from SiteManager and GateManager devices, modify settings, or cause the devices to stop responding to legitimate commands, disrupting manufacturing operations.

Who's at risk

Manufacturing plants using B&R Automation SiteManager or GateManager devices (models 4260, 8250, and 9250) for control system management and monitoring. These gateways and site managers are commonly used in industrial facilities to provide remote monitoring and administrative access to production equipment.

How it could be exploited

An attacker with network access to SiteManager or GateManager and valid user credentials can send crafted requests to exploit path traversal, resource exhaustion, and authentication bypass weaknesses to access unauthorized data, make changes to device configuration, or crash the service.

Prerequisites

Network connectivity to SiteManager or GateManager device
Valid user credentials for the affected device
Access to the administrative or user interface port

remotely exploitablerequires valid credentialsno public exploit availableaffects control system management devicesno patch available for some versions

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SiteManager: all< 9.2.6202360429.2.620236042

GateManager 8250: all< 9.2.6202360429.2.620236042

GateManager 4260 and 9250: all< 9.0.202629.0.20262

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDRestrict network access to SiteManager and GateManager devices using firewall rules; allow only known management stations and engineering workstations

HARDENINGDo not expose SiteManager or GateManager devices to the Internet or untrusted networks

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade SiteManager to version 9.2.620236042 or later

HOTFIXUpgrade GateManager 8250 to version 9.2.620236042 or later

HOTFIXUpgrade GateManager 4260 and 9250 to version 9.0.20262 or later

Long-term hardening

0/2

HARDENINGSegment control system networks from business networks using firewalls and VLANs

HARDENINGIf remote access is required, use a VPN with up-to-date encryption and keep VPN software patched

CVEs (6)

CVE-2020-11641 CVE-2020-11642 CVE-2020-11643 CVE-2020-11644 CVE-2020-11645 CVE-2020-11646

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/403687f1-496c-436b-900f-1a0361c31dd5