CVE Catalog

CVE-2026-9307

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A sensitive information disclosure issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, accessible to any unauthenticated user on the network.

Risk Assessment

An attacker can leverage this information to construct malicious packets, potentially leading to a Denial-of-Service attack.

Recommendation

It is recommended to secure access to the controller's diagnostics webpage and monitor network traffic for potential attack attempts.

Original NVD description (English source)

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS