
CVE-2026-0936: CWE-532: Insertion of Sensitive Information into Log in B&R Industrial Automation GmbH Process Visualization Interface (PVI)

Medium
Vulnerability, CVE-2026-0936, cve, cve-2026-0936, cwe-532
Published: Thu Jan 29 2026 (01/29/2026, 15:30:48 UTC)
Source: CVE Database V5
Vendor/Project: B&R Industrial Automation GmbH
Product: Process Visualization Interface (PVI)

Description

CVE-2026-0936 is a medium-severity vulnerability in B&R Industrial Automation GmbH's Process Visualization Interface (PVI) client versions prior to 6.5. It involves the insertion of sensitive information, such as credentials, into log files when logging is explicitly enabled by the user. An authenticated local attacker with limited privileges can exploit this vulnerability to access sensitive credential data processed by the PVI client. The logging feature is disabled by default, reducing the attack surface. No known exploits are currently in the wild. This vulnerability primarily impacts local users with access to the affected system and requires user interaction to enable logging. Organizations using affected PVI versions should carefully evaluate logging configurations and restrict local access to mitigate risk.

AI-Powered Analysis

Last updated: 01/29/2026, 16:13:01 UTC

Technical Analysis

CVE-2026-0936 is a vulnerability classified under CWE-532, which pertains to the insertion of sensitive information into log files. The affected product is the Process Visualization Interface (PVI) client from B&R Industrial Automation GmbH, specifically versions prior to 6.5, including versions 4 and 6. The vulnerability arises because the PVI client, when logging is enabled, records sensitive credential information in its log files. This logging function is disabled by default, meaning that exploitation requires an explicit action by the user or administrator to enable logging. An attacker must have authenticated local access with limited privileges to the system running the PVI client to exploit this vulnerability. The attacker can then access the logs to retrieve sensitive credential data, potentially leading to further compromise. The CVSS v4.0 score is 5.1 (medium severity), reflecting the limited attack vector (local), low attack complexity, no requirement for authentication beyond local access, and the necessity of user interaction to enable logging. The vulnerability does not affect confidentiality, integrity, or availability directly beyond the exposure of credentials in logs. There are no known exploits in the wild, and no patches have been linked yet, so mitigation relies on configuration management and access controls.

Potential Impact

For European organizations using B&R Industrial Automation GmbH's PVI client versions prior to 6.5, this vulnerability poses a risk of credential exposure through log files if logging is enabled. Since the PVI client is used in industrial automation environments, exposure of credentials could lead to unauthorized access to industrial control systems or process visualization data. This could disrupt operational technology (OT) environments, potentially causing production downtime or safety risks. The impact is primarily on confidentiality, as sensitive credentials could be extracted by an authenticated local attacker. However, the requirement for local access and explicit enabling of logging limits the scope and ease of exploitation. European organizations with strict OT security policies and controlled local access may face lower risk, but those with less stringent controls or shared user environments could be more vulnerable. The lack of known exploits reduces immediate risk but does not eliminate the need for proactive mitigation.

Mitigation Recommendations

European organizations should ensure that logging in the PVI client is disabled unless absolutely necessary. If logging must be enabled for troubleshooting or auditing, access to log files should be strictly controlled using file system permissions and monitored for unauthorized access. Local user accounts should be limited to trusted personnel, and the principle of least privilege should be enforced to reduce the risk of an authenticated local attacker. Regular audits of logging configurations and log file contents should be conducted to detect any inadvertent exposure of sensitive information. Additionally, organizations should monitor for updates or patches from B&R Industrial Automation GmbH and apply them promptly once available. Network segmentation and endpoint protection on systems running the PVI client can further reduce the risk of local exploitation. Finally, educating local users about the risks of enabling logging and proper credential handling is recommended.
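
The log-content audit recommended above can be scripted. The following is an added example, not code from B&R or from this advisory: it flags credential-like entries in log text and reports them with the value masked, so the audit report does not repeat the exposure. The PVI log location and format are not given on this page, so the key names, the `*.log` glob and the sample lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path

MASK = "********"
# Generic credential key names (assumption; not taken from the PVI log format).
KEYS = r"password|passwd|pwd|secret|token|api[_-]?key"
PATTERNS = [
    # key=value or key: value, with the value optionally quoted
    ("key-value", re.compile(
        rf"(?i)(?<![a-z])({KEYS})\s*[=:]\s*(\"[^\"]*\"|'[^']*'|[^\s;,&]+)")),
    # scheme://user:secret@host
    ("url-userinfo", re.compile(
        r"(?i)\b[a-z][a-z0-9+.-]*://([^\s:/@]+):([^\s@/]+)@")),
]

# Constructed sample lines, not real PVI output.
SAMPLE = """\
2026-01-29 10:00:01 INFO  connect station=line4 user=operator password=Hunter2!
2026-01-29 10:00:02 DEBUG open tcp://svc:S3cr3t@192.0.2.10/cpu
2026-01-29 10:00:03 INFO  variable read ok, 12 items
"""

def _mask(m):
    # Replace only capture group 2 (the secret) inside the matched text.
    s, e = m.start(2) - m.start(), m.end(2) - m.start()
    return m.group()[:s] + MASK + m.group()[e:]

def redact(line):
    for _, rx in PATTERNS:
        line = rx.sub(_mask, line)
    return line

def audit_text(name, text):
    """Return (name, line_no, kind, redacted_line) for each suspicious line."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS:
            if rx.search(line):
                out.append((name, no, kind, redact(line)))
    return out

def audit_dir(root, glob="*.log"):
    """Scan every matching file under root; undecodable bytes are replaced."""
    findings = []
    for p in sorted(Path(root).rglob(glob)):
        findings += audit_text(str(p), p.read_text(errors="replace"))
    return findings

if __name__ == "__main__":
    for f in audit_text("sample.log", SAMPLE):
        print(*f, sep=" | ")
```

Any finding means the credential should be treated as exposed and rotated, and the log file removed or access-restricted, in line with the recommendations above.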


Technical Details

Data Version: 5.2
Assigner Short Name: ABB
Date Reserved: 2026-01-14T10:12:54.468Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 697b837eac063202229a57f4

Added to database: 1/29/2026, 3:57:50 PM

Last enriched: 1/29/2026, 4:13:01 PM

Last updated: 1/29/2026, 6:21:26 PM
