PatchSiren cyber security CVE debrief
CVE-2026-9307 Rockwell Automation CVE debrief
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.
- Vendor: Rockwell Automation
- Product: CompactLogix 5370
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Administrators and operators of CompactLogix 5370 controllers, particularly where the controller's web server is reachable from the plant or enterprise network, should review this vulnerability and apply the mitigations below.
Technical summary
The affected CompactLogix controllers' web server exposes CIP Connection IDs on the diagnostics webpage without requiring authentication. This allows an attacker to access sensitive information and potentially construct malicious packets to cause a Denial-of-Service.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the affected CompactLogix controllers with the latest security patches.
- Restrict access to the diagnostics webpage to authenticated users only.
- Monitor network traffic to the controllers for unexpected access to the diagnostics webpage and for CIP traffic from unexpected hosts.
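As an added illustration of the monitoring action above (example code written for this debrief, not PatchSiren's or Rockwell Automation's), the following reviews web-server access logs for the controller's diagnostics page and flags hits from hosts outside an allowlist and unauthenticated hits that succeeded. The diagnostics path, the allowlisted subnet and the log lines are constructed assumptions; the real path depends on firmware and is not given in the advisory.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical path of the controller's diagnostics web page (assumption).
DIAG_PATH = "/diagnostics"

# Hosts permitted to reach the controller's web server (constructed example:
# engineering workstations on an OT management subnet).
ALLOWED_CLIENTS = [ipaddress.ip_network("10.10.5.0/24")]

# Common log format: src - user [time] "METHOD path proto" status
LOG_RE = re.compile(
    r'^(?P<src>\S+) - (?P<user>\S+) \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

@dataclass
class Alert:
    src: str
    path: str
    reason: str

def review_diag_access(lines, allowed=ALLOWED_CLIENTS, diag_path=DIAG_PATH):
    """Flag diagnostics-page requests the advisory makes risky: hits from
    non-allowlisted hosts, and successful hits with no authenticated user."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(diag_path):
            continue
        src = ipaddress.ip_address(m.group("src"))
        if not any(src in net for net in allowed):
            alerts.append(Alert(str(src), m.group("path"), "source outside allowlist"))
        elif m.group("user") == "-" and m.group("status") == "200":
            alerts.append(Alert(str(src), m.group("path"), "unauthenticated success"))
    return alerts

# Constructed sample access-log lines for illustration only.
SAMPLE_LOG = [
    '10.10.5.12 - eng1 [16/Jun/2026:10:01:02 +0000] "GET /diagnostics HTTP/1.1" 200',
    '10.10.5.12 - - [16/Jun/2026:10:01:09 +0000] "GET /diagnostics HTTP/1.1" 200',
    '192.168.77.8 - - [16/Jun/2026:10:02:40 +0000] "GET /diagnostics/connections HTTP/1.1" 200',
    '10.10.5.30 - - [16/Jun/2026:10:03:00 +0000] "GET /index.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    for a in review_diag_access(SAMPLE_LOG):
        print(f"{a.src} {a.path}: {a.reason}")
```

An unauthenticated success from an allowlisted host is the condition that the "restrict access to authenticated users" action is meant to eliminate, so it should disappear from the alerts once that control is in place.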
Evidence notes
The CVE record and NVD detail pages provide information on the vulnerability.
Official resources
- CVE-2026-9307 CVE record (CVE.org)
- CVE-2026-9307 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-9307 was published on 2026-06-16T15:16:45.223Z and modified on 2026-06-16T15:26:04.250Z.