
Compactlogix 5370

2 CVEs product

Monthly

CVE-2026-9307 MEDIUM CISA This Month

Unauthenticated information disclosure in Rockwell Automation CompactLogix 5370 PLCs exposes CIP Connection IDs via the controller's built-in web diagnostics page to any host with network access. The disclosed identifiers can be used by an attacker as a stepping-stone to craft malicious CIP packets, enabling a chained Denial-of-Service attack against active controller connections. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CVSS 4.0 AT:P flag indicates specific network access conditions must be satisfied, which reduces exposure in properly segmented OT environments.

Information Disclosure Compactlogix 5370
NVD
CVSS 4.0: 6.3
EPSS: 0.3%

CVE-2025-11694 HIGH CISA This Week

Denial-of-service in Rockwell Automation 1769 CompactLogix 5370 controllers allows remote unauthenticated attackers to induce a minor fault on the PLC by abusing Connection IDs exposed via the device's web interface and sending forged CIP traffic. The CVSS 4.0 base score of 8.7 reflects high availability impact with no authentication or user interaction required, and no public exploit has been identified at time of analysis.

Information Disclosure Compactlogix 5370
NVD VulDB
CVSS 4.0: 8.7
EPSS: 0.2%
