CVE-2026-9307

Vulnerability Description

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.

Vulnerability Details

Published Date

June 16, 2026

Last Modified

June 16, 2026

CWE ID

CWE-497

Source

NVD

External References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment