{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/abb-br-pvi/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":5,"id":"CVE-2026-0936"}],"_cs_exploited":false,"_cs_products":["ABB B\u0026R PVI"],"_cs_severities":["medium"],"_cs_tags":["ics","industrial control systems","credential access","logging"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB became aware of a vulnerability in ABB B\u0026amp;R PVI client versions prior to 6.5.0 (CVE-2026-0936). An attacker who successfully exploits this vulnerability could read sensitive information, including credentials, in the logging data of the PVI client application. It is important to note that logging is deactivated by default in all PVI client versions. However, if a user explicitly enables logging for troubleshooting or debugging purposes, the application may write sensitive information to log files, which can be accessed by a local attacker with appropriate privileges. This vulnerability affects the energy sector primarily, with deployments worldwide. ABB recommends that customers apply the update to version 6.5.0 at their earliest convenience.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains local access to a system with an affected version of ABB B\u0026amp;R PVI (\u0026lt;6.5.0) installed.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies that PVI client-side application logging is enabled. Note: This is not enabled by default.\u003c/li\u003e\n\u003cli\u003eThe attacker locates the log files generated by the PVI client application. The storage path is user-defined when enabling logging.\u003c/li\u003e\n\u003cli\u003eThe attacker reads the log files, searching for sensitive information such as usernames, passwords, or API keys that the PVI client application processed and inadvertently wrote to the logs.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted credentials to gain unauthorized access to systems or data accessible by the PVI client application.\u003c/li\u003e\n\u003cli\u003eThe attacker may escalate privileges using the compromised credentials depending on the permissions associated with the compromised account.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0936 allows a local attacker to potentially obtain sensitive information, including credentials, that are logged by the ABB B\u0026amp;R PVI client application. The logging function is not enabled by default, which reduces the attack surface. However, if logging is enabled for troubleshooting purposes, the application may inadvertently log sensitive data. The impact is primarily on the energy sector due to the use of ABB B\u0026amp;R PVI in industrial control systems. An attacker could potentially use the compromised credentials to gain unauthorized access to control systems, potentially leading to disruption of operations or data breaches.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ABB B\u0026amp;R PVI to version 6.5.0 or later to remediate CVE-2026-0936.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, ensure that PVI client-side application logging is disabled unless required for troubleshooting (CVE-2026-0936).\u003c/li\u003e\n\u003cli\u003eIf logging is enabled, ensure the storage path for the log files is properly secured to restrict access to only authorized users as mentioned in the advisory\u0026rsquo;s mitigation steps (CVE-2026-0936).\u003c/li\u003e\n\u003cli\u003eEnable Sysmon process creation logging to detect potential unauthorized access or privilege escalation attempts following credential compromise and deploy the provided sigma rule to your SIEM.\u003c/li\u003e\n\u003cli\u003eRegularly review and securely delete client-side logging information when it is no longer needed as a general security best practice (CVE-2026-0936).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T12:00:00Z","date_published":"2026-05-06T12:00:00Z","id":"/briefs/2026-05-abb-br-pvi-log-vuln/","summary":"An authenticated local attacker can gather credential information from ABB B\u0026R PVI client application logs when logging is enabled, addressed in version 6.5.0 (CVE-2026-0936).","title":"ABB B\u0026R PVI Sensitive Information Logging Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-abb-br-pvi-log-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — ABB B\u0026R PVI","version":"https://jsonfeed.org/version/1.1"}