6.3
CVE-2026-9307
- EPSS 0.3%
- Veröffentlicht 16.06.2026 13:42:08
- Zuletzt bearbeitet 16.06.2026 15:26:04
- Quelle PSIRT@rockwellautomation.com
- CVE-Watchlists
- Unerledigt
Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRockwell Automation
≫
Produkt
CompactLogix 5370
Default Statusunaffected
Version
V36
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.213 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| PSIRT@rockwellautomation.com | 6.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html