CVE-2026-9307

N/A

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix are aff...

Affects 0 products across 1 vendor.

CVSS v46.3
EPSS0.3%
Percentile22th
PatchUnknown
CWE Weakness Definitions
CWE-497: CWE-497
◆ SAGE Intelligence — CITED Relevance Research Team

Rockwell Automation CompactLogix 5370 series PLCs (L1, L2, L3) are affected by two vulnerabilities: Improper Validation of Integrity Check Value and Exposure of Sensitive System Information to an Unauthorized Control Sphere, both carrying a CVSS v3 score of 7.5. A remote attacker can exploit these flaws to cause a denial-of-service condition, potentially halting industrial control processes. In OT environments, a successful DoS against these PLCs could result in loss of control over physical processes, production downtime, and safety risks depending on the controlled system.

Is this CVE in your environment?

BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.

Check My Environment →
Frequently Asked Questions
What is CVE-2026-9307?
Rockwell Automation CompactLogix 5370 series PLCs (L1, L2, L3) are affected by two vulnerabilities: Improper Validation of Integrity Check Value and Exposure of Sensitive System Information to an Unauthorized Control Sphere, both carrying a CVSS v3 score of 7.5. A remote attacker can exploit these flaws to cause a denial-of-service condition, potentially halting industrial control processes. In OT environments, a successful DoS against these PLCs could result in loss of control over physical pro
Is CVE-2026-9307 actively exploited?
No confirmed active exploitation of CVE-2026-9307 as of 2026-06-24.
How do I remediate CVE-2026-9307?
Vendor patch expected to add proper integrity check validation for incoming CIP messages and restrict exposure of sensitive system information over the EtherNet/IP interface; specific fixed firmware version not yet publicly disclosed at time of analysis. Advisory: https://www.rockwellautomation.com/en-us/support/advisory.SD1696.html
What systems are affected by CVE-2026-9307?
CVE-2026-9307 affects: Rockwell Automation.
Vulnerability Details
CVE IDCVE-2026-9307
Published2026-06-16
Last Modified2026-06-16
ICS Relevance65%
Weakness (CWE)
SourceNVD
Official Description

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix are affected: CompactLogix 5370 L1 CompactLogix 5370 L2 CompactLogix 5370 L3 CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation Rockwell Automation CompactLogix Improper Validation of Integrity Check Value, Exposure of Sensitive System Information to an Unauthorized Control Sphere Background Cri

Source: NIST NVD / MITRE CVE Database

Affected Products
VendorProductFixed Version
Rockwell Automation —
Remediation

Vendor patch expected to add proper integrity check validation for incoming CIP messages and restrict exposure of sensitive system information over the EtherNet/IP interface; specific fixed firmware version not yet publicly disclosed at time of analysis.

View Vendor Advisory →
Threat Intelligence
● Threat Intelligence Validated: July 2026 | Threat Age: 26 Days
CISA KEVNot in KEV catalog
Public ExploitNot confirmed
PoC CodeNot confirmed
● Virtual Patch — CITED Relevance SAGE Engine LOW CONFIDENCE

Deploy the virtual patch rule on IDS/IPS sensors positioned inline or in monitoring mode on all network segments containing CompactLogix 5370 PLCs. Block all inbound EtherNet/IP (TCP/UDP port 44818 and UDP port 2222) traffic from any source not explicitly whitelisted as an authorized engineering workstation or SCADA server. Additionally, block all outbound CIP traffic from PLCs to untrusted networks at the iDMZ firewall. Implement strict allowlist-based ACLs on managed switches serving the OT LAN.

No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.

Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.

Related CVEs affecting Rockwell Automation
CVE-2017-16740 10.0 A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley M... CVE-2012-4715 10.0 Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise C... CVE-2009-3739 10.0 Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix... CVE-2016-9343 10.0 An issue was discovered in Rockwell Automation Logix5000 Programmable Automat... CVE-2020-14516 10.0 In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.1...
View all Rockwell Automation CVEs →

ICS/OT Vulnerability Intelligence for Your Environment

BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.

Join free →