CVE-2026-9307
Description
CompactLogix 5370 controllers (firmware V36) expose CIP Connection IDs on the diagnostics webpage to unauthenticated users, enabling DoS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The CompactLogix 5370 controllers (catalog numbers 1769-L1x, 1769-L2x, 1769-L3x) running firmware version V36 expose CIP Connection IDs on the diagnostics webpage. This sensitive information is accessible to any unauthenticated user on the network [1].
Exploitation
An unauthenticated attacker with network access can retrieve the CIP Connection IDs from the diagnostics webpage. These IDs can then be used to construct malicious packets that trigger a denial-of-service condition on the controller [1].
Impact
Successful exploitation results in the disclosure of sensitive system information, allowing the attacker to cause a denial-of-service, leading to a minor fault on the controller [1].
Mitigation
Rockwell Automation has released firmware version V38.011 to address this vulnerability. Users should upgrade affected CompactLogix 5370 controllers to this version. No workaround is provided [1].
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. Mechanics are only generated when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 1
News mentions: 1
- Rockwell Automation CompactLogix (CISA ICS Advisories)