ABB B&R PVI Vulnerability (CVE-2026-0936) Patched, Allows Sensitive Information Disclosure
ABB has issued a patch for a vulnerability in its B&R PVI product that could allow attackers to read sensitive logging information.
ABB has released security updates to address a vulnerability in its B&R PVI product. The vulnerability, identified as CVE-2026-0936, could allow an attacker to read sensitive information from the logging data of the PVI client application. Logging is disabled by default in all PVI client versions.
The affected versions include PVI versions prior to 6.5.0 and version 6.5.0. An attacker who successfully exploits this vulnerability could gain unauthorized access to log files, potentially revealing sensitive system or user information. The CVSS score for this vulnerability is 5.0, indicating a moderate severity.
ABB has provided an update that addresses and remediates the vulnerability. Users are advised to update to the latest available version to mitigate the risk. Critical infrastructure sectors, including Energy, and worldwide deployments are potentially affected.