PatchSiren cyber security CVE debrief
CVE-2026-0936 ABB CVE debrief
CVE-2026-0936 is a medium-severity information disclosure issue affecting ABB B&R PVI client versions prior to 6.5.0. According to the advisory, an authenticated local attacker could abuse client-side logging to gather credential information processed by the PVI client. Logging is disabled by default and must be explicitly enabled, which reduces exposure but does not eliminate risk where troubleshooting or debugging logging is turned on.
- Vendor: ABB
- Product: PVI
- CVSS: MEDIUM 5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-29
- Original CVE updated: 2026-05-05
- Advisory published: 2026-01-29
- Advisory updated: 2026-05-05
Who should care
Organizations running ABB B&R PVI client software prior to 6.5.0, especially OT/industrial environments where local users, support staff, or shared administrative access can enable client logging. Security and operations teams should care most if client-side troubleshooting logs are used on production systems.
Technical summary
The issue is an Insertion of Sensitive Information into Log File weakness affecting the PVI client side. The advisory states that an authenticated local attacker may obtain credential information that is processed by the PVI client application when logging is enabled. The logging function is disabled by default. The source also notes that the problem does not affect security-related logging of the PVI server component and is corrected in PVI 6.5.0.
Defensive priority
Medium. The vulnerability is local and requires authentication, but it can expose credentials if client logging is enabled in environments where logs are retained or accessible to unintended users. Prioritize remediation for systems that enable PVI client logging for support or analysis.
Recommended defensive actions
- Upgrade ABB B&R PVI to version 6.5.0 or later.
- If immediate upgrading is not possible, keep PVI client logging disabled except when strictly necessary for troubleshooting.
- When logging must be enabled, restrict filesystem access so only the intended user can read the log directory.
- Delete client-side log files securely once they are no longer needed.
- Review any workflows that collect or archive PVI client logs to ensure sensitive information is not retained longer than necessary.
Evidence notes
The source advisory (ICSA-26-125-02, republished from ABB PSIRT SA26P001) states: the affected product is B&R PVI client versions prior to 6.5; the issue may be abused by an authenticated local attacker to gather credential information processed by the client; and logging is disabled by default. The remediation section says the issue is corrected in PVI 6.5.0 and that the issue is limited to PVI client-side logging, not security-related server logging. CISA’s source item was initially published on 2026-01-29 and republished on 2026-05-05.
Official resources
- CVE-2026-0936 CVE record (CVE.org)
- CVE-2026-0936 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Published 2026-01-29T00:30:00.000Z; modified 2026-05-05T06:00:00.000Z. CISA’s advisory history indicates an initial publication on the CVE date and a later republication on 2026-05-05 based on ABB PSIRT advisory SA26P001.