Description
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.
Published: 2026-06-16
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A sensitive information disclosure flaw exists in the CompactLogix 5370 controllers’ web server. The diagnostics page unintentionally exposes CIP Connection IDs to anyone on the network without authentication. An attacker who obtains these IDs can construct malicious CIP packets, which may overwhelm the controller and result in a denial‑of‑service.

Affected Systems

The vulnerability affects Rockwell Automation CompactLogix 5370 controllers. No specific firmware versions are listed, so all deployments of this model should be considered at risk until the patch is applied.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation. The flaw is not currently listed in CISA’s KEV catalog. The attack vector is likely local‑network based, accessing the web server without authentication. Overall risk is moderate, but exploitation probability remains low.

Generated by OpenCVE AI on June 17, 2026 at 21:35 UTC.

Remediation

Vendor Solution

V38.011 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx

OpenCVE Recommended Actions

  • Apply the official Rockwell Automation patch V38.011 (downloadable from the provided link).
  • If immediate patching is not possible, restrict or disable the diagnostics webpage to prevent unauthenticated access.
  • Implement network segmentation or firewall rules to limit direct access to the controller’s web interface from untrusted network segments.

Generated by OpenCVE AI on June 17, 2026 at 21:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation compactlogix 5370
Vendors & Products Rockwellautomation
Rockwellautomation compactlogix 5370

Tue, 16 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.
Title Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities
Weaknesses CWE-497
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Rockwellautomation Compactlogix 5370
cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2026-06-16T17:49:40.834Z

Reserved: 2026-05-22T18:09:17.609Z

Link: CVE-2026-9307

cve-icon Vulnrichment

Updated: 2026-06-16T15:22:50.264Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T15:16:45.223

Modified: 2026-06-16T15:26:04.250

Link: CVE-2026-9307

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T16:30:16Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere