ICS: Multiple Johnson Controls Vulnerabilities
August 3, 2024MeterPreter Malware – Active IOCs
August 4, 2024ICS: Multiple Johnson Controls Vulnerabilities
August 3, 2024MeterPreter Malware – Active IOCs
August 4, 2024Severity
High
Analysis Summary
CVE-2024-6242
A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller. An attacker could exploit this vulnerability to potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-6242
Affected Vendors
Affected Products
- Rockwell Automation 1756-EN2F - 1756-EN2F/C: V10.009
- Rockwell Automation 1756-EN2F - v5.007(unsigned)/v5.027(signed)
- Rockwell Automation 1756-EN2T - 1756-EN2T/D: V10.006
- Rockwell Automation 1756-EN2T - v5.007(unsigned)/v5.027(signed)
- Rockwell Automation 1756-EN2TP - 1756-EN2TP/A: V10.020
- Rockwell Automation 1756-EN2TR - 1756-EN2TR/C: V10.007
- Rockwell Automation 1756-EN2TR - v5.007(unsigned)/v5.027(signed)
- Rockwell Automation 1756-EN3TR - 1756-EN3TR/B: V10.007
- Rockwell Automation 1756-EN3TR - v5.007(unsigned)/v5.027(signed)
- Rockwell Automation 1756-EN4TR - V2
- Rockwell Automation ControlLogix® 5580 (1756-L8z) - V28
- Rockwell Automation GuardLogix® 5580 (1756-L8zS) - V31
Remediation
Refer to Rockwell Website for patch, upgrade or suggested workaround information.