Critical vulnerability in Rockwell Automation devices could allow unauthorized access

5 August 2024 2 minutes Author: Newsman

A high-severity vulnerability in Rockwell Automation ControlLogix 1756 devices, identified as CVE-2024-6242, could be used to execute Common Industrial Protocol (CIP) programming and configuration commands.

According to a notice from the US Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability allows an attacker to bypass the Trusted Slot feature in a ControlLogix controller. Claroty, which discovered and reported the vulnerability, developed a technique to bypass the Trusted Slot feature and send malicious commands to a programmable logic controller (PLC) CPU. The vulnerability received a CVSS v3.1 score of 8.4, indicating high severity.

The vulnerability allows an attacker to bypass the Trusted Slot feature, which ensures the security of communication paths in the local chassis. Successful exploitation of the vulnerability requires access to the device’s network and allows sending elevated commands, including loading arbitrary logic to the PLC CPU. An attacker could use this vulnerability to modify device configuration and user projects.

After responsible disclosure, the vulnerability was fixed in the following versions:

  • ControlLogix 5580 (1756-L8z): update to versions V32.016, V33.015, V34.014, V35.011.

  • GuardLogix 5580 (1756-L8zS): update to versions V32.016, V33.015, V34.014, V35.011.

  • 1756-EN4TR: update to version V5.001.

  • 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A: update to version V12.001.

This vulnerability could open critical control systems to unauthorized access via the CIP protocol originating from untrusted chassis slots. Rockwell Automation has already released relevant updates to protect devices from this threat.
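To check an asset inventory against the fixed releases listed above, the following added example (not from Rockwell Automation, CISA or Claroty) compares each firmware version with the minimum fixed release of its own major train. The inventory rows and asset names are constructed, and treating a train or product that the article does not list as "not_listed" rather than guessing is an assumption of this sketch.

```python
import re

# Fixed releases as listed in the article:
# product -> {major firmware train: minimum fixed minor revision}
FIXED = {
    "ControlLogix 5580": {32: 16, 33: 15, 34: 14, 35: 11},
    "GuardLogix 5580": {32: 16, 33: 15, 34: 14, 35: 11},
    "1756-EN4TR": {5: 1},
    "1756-EN2T Series D": {12: 1},
    "1756-EN2F Series C": {12: 1},
    "1756-EN2TR Series C": {12: 1},
    "1756-EN3TR Series B": {12: 1},
    "1756-EN2TP Series A": {12: 1},
}

def parse_version(text):
    """Parse 'V33.015' or '33.015' into a (major, minor) integer pair."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognized firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def status(product, firmware):
    """Return 'fixed', 'needs_update', or 'not_listed' (check the vendor advisory)."""
    trains = FIXED.get(product)
    if trains is None:
        return "not_listed"
    major, minor = parse_version(firmware)
    if major not in trains:
        return "not_listed"  # assumption: do not guess for unlisted trains
    return "fixed" if minor >= trains[major] else "needs_update"

# Constructed sample inventory: (asset name, product, installed firmware)
INVENTORY = [
    ("line1-plc", "ControlLogix 5580", "V33.012"),
    ("line2-plc", "ControlLogix 5580", "V35.011"),
    ("safety-plc", "GuardLogix 5580", "V31.011"),
    ("chassis3-enet", "1756-EN2T Series D", "11.004"),
]

def audit(inventory):
    """Return (asset, status) pairs for every inventory row."""
    return [(asset, status(product, fw)) for asset, product, fw in inventory]

if __name__ == "__main__":
    for asset, result in audit(INVENTORY):
        print(f"{asset}: {result}")
```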
