QSearchQSearch

CVE-2026-9307

A sensitive information disclosure security issue exists within the affected CompactLogix controllers

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CWE
CWE-497

Description

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-52694 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions (7.5 HIGH)
  • CVE-2026-49068 Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions (7.5 HIGH)
  • CVE-2026-49066 Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions (7.5 HIGH)
  • CVE-2026-49056 Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions (7.5 HIGH)
  • CVE-2026-48878 Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions (6.5 MEDIUM)