CVE-2026-9307
Status: Awaiting Analysis
Information Disclosure in CompactLogix Controllers

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Rockwell Automation

Description
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.
CVSS Scores: none listed
EPSS Scores: none listed (EPSS evaluated: N/A)
Record references: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rockwell_automation compactlogix *
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Compliance Impact

The vulnerability is a sensitive information disclosure: CIP Connection IDs are exposed on the controller's diagnostics webpage to unauthenticated users. This exposure could lead to unauthorized access or denial-of-service attacks.

However, there is no specific information provided about how this vulnerability directly impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a sensitive information disclosure issue found in CompactLogix controllers. The controller's web server exposes CIP Connection IDs on its diagnostics webpage, which can be accessed by any unauthenticated user on the network.

An attacker can use these exposed CIP Connection IDs to craft malicious packets that may lead to a Denial-of-Service (DoS) condition on the affected device.

Impact Analysis

The practical impact is a Denial-of-Service (DoS) on the affected CompactLogix controller: an attacker who obtains the exposed Connection IDs can craft packets that disrupt the controller's normal operation, potentially affecting any systems or processes that rely on it.

Detection Guidance

The vulnerability involves the exposure of CIP Connection IDs on the diagnostics webpage of affected CompactLogix controllers, accessible to any unauthenticated user on the network.

To detect this vulnerability, you can attempt to access the diagnostics webpage of the CompactLogix controller from an unauthenticated network position and check if CIP Connection IDs are visible.

Network scanning tools or HTTP request commands (such as curl or wget) can be used to retrieve the diagnostics webpage content to verify if the sensitive information is exposed.

  • Use curl to fetch the diagnostics page: curl http://<controller-ip>/diagnostics
  • Use a web browser or automated scripts to check for the presence of CIP Connection IDs in the webpage content.
Mitigation Strategies

Immediate mitigation steps include restricting network access to the CompactLogix controller's web server to trusted users only, preventing unauthenticated users from accessing the diagnostics webpage.

Applying firmware updates provided by Rockwell Automation that address this vulnerability is recommended once available.

Monitoring for unexpected requests to the controller's diagnostics webpage and for anomalous CIP traffic, together with network segmentation to isolate the controller, can also reduce risk.
