Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities_CVE-2026-9307

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.

Basic Information

ID CVE-2026-9307

Source Rockwell

Published Jun 16, 2026 at 13:42

Affected Product

Vendor Rockwell Automation

Product CompactLogix 5370

Version V36

Affected Versions Rockwell Automation CompactLogix 5370 V36

CWE Classification

CWE-497

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1776.html

{
    "lastseen": "",
    "description": "A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The\u00a0controller's\u00a0web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be\u00a0leveraged\u00a0by an attacker to construct malicious packets, leading to Denial-of-Service.",
    "published": "2026-06-16T13:42:08.999Z",
    "modified": "2026-06-16T13:42:08.999Z",
    "type": "cve",
    "title": "Rockwell Automation CompactLogix 5370 Controllers \u2013 Multiple Vulnerabilities",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html",
    "id": "CVE-2026-9307",
    "bulletinFamily": "",
    "cwe": [
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation CompactLogix 5370 V36",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CompactLogix 5370",
    "version": "V36",
    "vendor": "Rockwell Automation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}