ABB B&R PVI
Summary
ABB has released an update to address a vulnerability in its B&R PVI client application. The vulnerability could allow an authenticated local attacker to read sensitive information from logging data, although logging is disabled by default. This issue affects versions prior to 6.5.0.
IFF Assessment
The identified vulnerability could expose sensitive information, which is detrimental to defenders.
Severity
The CVSS score of 5.0 is an estimate, based on an attacker's ability to read sensitive information from logs. Exploitation requires authentication and requires logging to be enabled, but the vulnerability still presents a moderate risk of information disclosure.
Defender Context
This alert highlights a vulnerability in an industrial control system component, underscoring the importance of patching and secure configuration for OT environments. Defenders should be aware of such vulnerabilities impacting critical infrastructure and ensure logging mechanisms are not unnecessarily exposed.