Medium
An authenticated adversary can read service configuration and other sensitive information and abuse this information for malicious activities on SiteManager instances.
An authenticated adversary can repeatedly trigger a restart of SiteManager instances, thus limiting availability.
An authenticated adversary can gather information about devices belonging to a foreign organization and abuse this information for malicious activities.
An authenticated adversary can fool users of foreign domains with fictional audit messages/alerts of their choice.
An authenticated adversary can repeatedly trigger a restart of GateManager instances, thus limiting their availability.
An authenticated adversary can view information about all devices belonging to their domain and abuse this information for malicious activities.
B&R Industrial Automation GmbH
Users are advised to update to the fixed versions: