CVE-2026-0936
📋 TL;DR
An authenticated local attacker can exploit this vulnerability in B&R PVI client versions prior to 6.5 to gather credential information from log files. The vulnerability only affects systems where logging has been explicitly enabled by the user, as it's disabled by default.
💻 Affected Systems
- B&R PVI Client
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker with local access could extract sensitive credentials from log files, potentially leading to privilege escalation or lateral movement within the network.
Likely Case
An authenticated user with local access could read credential information from improperly secured log files, compromising the security of the affected system.
If Mitigated
With logging disabled (default configuration) and proper access controls, the vulnerability presents minimal risk.
🎯 Exploit Status
Exploitation requires authenticated local access and logging to be enabled. The attacker would need to locate and read the log files containing sensitive information.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.5 or later
Vendor Advisory: https://www.br-automation.com/fileadmin/SA26P001-2862434c.pdf
Restart Required: Yes
Instructions:
1. Download PVI client version 6.5 or later from the B&R Automation website.
2. Install the updated version following vendor instructions.
3. Restart the system to ensure changes take effect.
🔧 Temporary Workarounds
Disable Logging
Windows: Disable the logging functionality in PVI client to prevent sensitive information from being written to log files.
Configure PVI client settings to disable logging functionality
Restrict Log File Access
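Windows: Apply strict file permissions to the log directory to prevent unauthorized access. The commands below remove the Users entry instead of adding a deny entry, because a deny on Users also applies to administrators (who are members of Users) and overrides the Administrators grant.
icacls "C:\ProgramData\BR\PVI\Logs" /inheritance:d
icacls "C:\ProgramData\BR\PVI\Logs" /remove:g Users
icacls "C:\ProgramData\BR\PVI\Logs" /grant "Administrators:(OI)(CI)F"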
🧯 If You Can't Patch
- Ensure logging functionality remains disabled in PVI client configuration.
- Implement strict access controls on log directories and files to prevent unauthorized reading.
🔍 How to Verify
Check if Vulnerable:
Check the PVI client version in the About dialog or in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\BR\PVI\Version. If the version is below 6.5 and logging is enabled, the system is vulnerable.
Check Version:
reg query "HKLM\SOFTWARE\BR\PVI" /v Version
Verify Fix Applied:
Verify PVI client version is 6.5 or higher and check that logging is either disabled or properly secured.
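The version comparison and log-directory permission check described above, as an added PowerShell example (not code from the vendor advisory or from this page's original text). The registry key, value name and log path are the ones quoted on this page and may differ on a given installation.

```powershell
# Added example. The registry key, value name and log path are the ones
# quoted on this page; confirm them on the installation being checked.
$RegKey   = 'HKLM:\SOFTWARE\BR\PVI'
$LogDir   = 'C:\ProgramData\BR\PVI\Logs'
$FixedVer = [version]'6.5'

function Test-PviVersionFixed {
    param([string]$Raw)
    # Compare numerically so that 6.10 sorts above 6.5; $null means unparsable.
    if ($Raw -notmatch '^\s*(\d+(\.\d+){1,3})') { return $null }
    return ([version]$Matches[1]) -ge $FixedVer
}

function Get-NonAdminReadAce {
    param([string]$Path)
    # Allow ACEs that let anyone other than Administrators or SYSTEM read data.
    $read    = [System.Security.AccessControl.FileSystemRights]::ReadData
    $trusted = 'S-1-5-32-544', 'S-1-5-18'   # well-known SIDs, locale independent
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band $read) -ne 0) -and
            $trusted -notcontains $_.IdentityReference.Value
        }
}

$raw   = (Get-ItemProperty -Path $RegKey -Name Version -ErrorAction SilentlyContinue).Version
$fixed = Test-PviVersionFixed $raw
$aces  = if (Test-Path -LiteralPath $LogDir) { @(Get-NonAdminReadAce $LogDir) } else { @() }

[pscustomobject]@{
    InstalledVersion = $raw
    AtLeast6_5       = $fixed            # $null: version missing or unparsable
    LogDirExists     = Test-Path -LiteralPath $LogDir
    NonAdminReaders  = ($aces | ForEach-Object { $_.IdentityReference.Value }) -join ', '
}
```

An empty NonAdminReaders field means no allow entry on the directory grants read access to principals other than Administrators and SYSTEM; the script does not determine whether logging is currently enabled.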
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to PVI log files
- Suspicious reads of log files containing credential patterns
Network Indicators:
- Local file access patterns to PVI log directories
SIEM Query:
EventID=4663 AND ObjectName LIKE '%PVI%Logs%' AND AccessMask=0x1