CVE-2026-9307
MediumCVSS 6.3Summary
A sensitive information disclosure issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, accessible to any unauthenticated user on the network.
Risk Assessment
An attacker can leverage this information to construct malicious packets, potentially leading to a Denial-of-Service attack.
Recommendation
It is recommended to secure access to the controller's diagnostics webpage and monitor network traffic for potential attack attempts.
Original NVD description (English source)
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.

