Vulnerability intelligence

CVE-2026-9307

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.

CVSS Score

6.3

Medium

EPSS — Exploit Probability

0.0%

Riskier than 0% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

unknown

Check vendor advisories

NVD entry PoC / advisory

1 article across 1 outlet · first covered Jun 16, 2026 · latest Jun 16, 2026

Coverage timeline

Rockwell CompactLogix flaws leak data, allow DoS attacks
www.cisa.gov · Jun 16, 2026