Insertion of Sensitive Information into Logfile_CVE-2026-0936

5.1 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user.

Basic Information

ID CVE-2026-0936

Source ABB

Published Jan 29, 2026 at 15:30

Affected Product

Vendor B&R Industrial Automation GmbH

Product Process Visualization Interface (PVI)

Version 4

Affected Versions B&R Industrial Automation GmbH Process Visualization Interface (PVI) 4
B&R Industrial Automation GmbH Process Visualization Interface (PVI) 6

CWE Classification

CWE-532

References

www.br-automation.com /fileadmin/SA26P001-2862434c.pdf

{
    "lastseen": "",
    "description": "An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user.",
    "published": "2026-01-29T15:30:48.815Z",
    "modified": "2026-01-29T15:30:48.815Z",
    "type": "cve",
    "title": "Insertion of Sensitive Information into Logfile",
    "source": "ABB",
    "references": "https://www.br-automation.com/fileadmin/SA26P001-2862434c.pdf",
    "id": "CVE-2026-0936",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "B&R Industrial Automation GmbH Process Visualization Interface (PVI) 4\nB&R Industrial Automation GmbH Process Visualization Interface (PVI) 6",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Process Visualization Interface (PVI)",
    "version": "4",
    "vendor": "B&R Industrial Automation GmbH",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}