Unrated severity · NVD Advisory · Published Oct 15, 2020 · Updated Sep 16, 2024

GateManager Audit Message Spoofing Vulnerability

CVE-2020-11644

Description

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated users can generate fake audit log messages in B&R GateManager 4260/9250 <9.0.20262 and 8250 <9.2.620236042.

Vulnerability

An information disclosure vulnerability in B&R GateManager allows authenticated users to generate fake audit log messages. The affected versions are GateManager 4260 and 9250 prior to version 9.0.20262, and GateManager 8250 prior to version 9.2.620236042. The vulnerability resides in the audit log functionality, where an authenticated user can inject arbitrary log entries without proper validation [1].

Exploitation

An attacker needs network access and valid low-privileged credentials for the GateManager web interface. By sending crafted requests to the audit log endpoint, the attacker can insert arbitrary log messages. No user interaction is required beyond authentication [1].

Impact

Successful exploitation allows the attacker to forge audit log entries, compromising the integrity of the audit trail. This can be used to hide malicious activities, mislead administrators, or frame other users. The CVSS v3 base score is 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) [1].

Mitigation

B&R has released fixed versions: GateManager 4260 and 9250 version 9.0.20262, and GateManager 8250 version 9.2.620236042. Users should update to these or later versions. No workaround is available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the advisory date [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • <9.0.20262 (models 4260, 9250) / <9.2.620236042 (model 8250)
    • (no CPE) range: <9.0.20262 (models 4260, 9250) / <9.2.620236042 (model 8250)
    • (no CPE) range: 4260

Patches

0

No patches discovered yet.

References

2
