Analysis Summary

CVE-2024-6242

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller. An attacker could exploit this vulnerability to potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.

Impact

• Security Bypass

Indicators of Compromise

CVE

• CVE-2024-6242

Affected Vendors

Affected Products

• Rockwell Automation 1756-EN2F - 1756-EN2F/C: V10.009
• Rockwell Automation 1756-EN2F - v5.007(unsigned)/v5.027(signed)
• Rockwell Automation 1756-EN2T - 1756-EN2T/D: V10.006
• Rockwell Automation 1756-EN2T - v5.007(unsigned)/v5.027(signed)
• Rockwell Automation 1756-EN2TP - 1756-EN2TP/A: V10.020
• Rockwell Automation 1756-EN2TR - 1756-EN2TR/C: V10.007
• Rockwell Automation 1756-EN2TR - v5.007(unsigned)/v5.027(signed)
• Rockwell Automation 1756-EN3TR - 1756-EN3TR/B: V10.007
• Rockwell Automation 1756-EN3TR - v5.007(unsigned)/v5.027(signed)
• Rockwell Automation 1756-EN4TR - V2
• Rockwell Automation ControlLogix® 5580 (1756-L8z) - V28
• Rockwell Automation GuardLogix® 5580 (1756-L8zS) - V31

Remediation

Refer to Rockwell Website for patch, upgrade or suggested workaround information.

Rockwell Website