Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023
Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Targeted Attacks on Oil and Gas Supply Chain Industries in the Middle East
October 1, 2020Rewterz Threat Alert – Malicious Cyber Activity in an Enterprise Network
October 1, 2020
Severity
Medium
Analysis Summary
CVE-2020-11641
An authenticated adversary can read service configuration and other sensitive information and abuse this information for malicious activities on SiteManager instances.
CVE-2020-11642
An authenticated adversary can repeatedly trigger a restart of SiteManager instances, thus limiting availability.
CVE-2020-11643
An authenticated adversary can gather information about devices belonging to a foreign organization and abuse this information for malicious activities.
CVE-2020-11644
An authenticated adversary can fool users of foreign domains with fictional audit messages/alerts of their choice.
CVE-2020-11645
An authenticated adversary can repeatedly trigger a restart of GateManager instances, thus limiting their availability.
CVE-2020-11646
An authenticated adversary can view information about all devices belonging to their domain and abuse this information for malicious activities.
Impact
- Information disclosure
- Denial-of-service
Affected Vendors
B&R Industrial Automation GmbH
Affected Products
- SiteManager all versions prior to v9.2.620236042
- GateManager 4260 and 9250 all versions prior to v9.0.20262
- GateManager 8250 all versions prior to v9.2.620236042
Remediation
Users are advised to update to the fixed versions:
- SiteManager v9.2.620236042
- GateManager 4260 and 9250 v9.0.20262
- GateManager 8250 v9.2.620236042