August 2, 2024 at 08:12AM
Rockwell Automation’s Logix programmable logic controllers (PLCs) were found to have a high-severity security bypass vulnerability by Claroty. The flaw, tracked as CVE-2024-6242, impacts ControlLogix 1756 devices and other controllers. Both Rockwell and CISA issued advisories and released patches. Exploitation requires network access to the targeted device, presenting serious implications.
Based on the meeting notes, the key takeaways are:
1. A high-severity security bypass vulnerability has been discovered in certain Logix programmable logic controllers (PLCs) made by Rockwell Automation by industrial cybersecurity firm Claroty.
2. The vulnerability, tracked as CVE-2024-6242, affects Rockwell Automation’s ControlLogix 1756 devices and other controllers such as GuardLogix. Patches have been released for each supported product and mitigations are also available.
3. The vulnerability allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller, potentially enabling them to execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.
4. The attack involves the 1756 chassis, common industrial protocol (CIP) used by 1756 PLCs for communication, and the backplane. Claroty discovered a vulnerability in a chassis security feature named ‘trusted slot’.
5. Claroty noted that while the vulnerability could have serious implications, exploitation requires network access to the targeted device.
Related articles:
– APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure
– Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE
– Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products