August 5, 2024 at 02:18AM
A high-severity security bypass vulnerability (CVE-2024-6242, CVSS 8.4) in Rockwell Automation ControlLogix 1756 devices, disclosed by the U.S. Cybersecurity and Infrastructure Security Agency, allows attackers to execute CIP commands, potentially modifying user projects and device configuration. The vulnerability has been addressed in specific device versions after responsible disclosure. Claroty, the operational technology security company, identified and reported the flaw.
Key Takeaways from the Meeting Notes:
– A high-severity security bypass vulnerability, assigned the CVE identifier CVE-2024-6242, has been disclosed in Rockwell Automation ControlLogix 1756 devices.
– The vulnerability could be exploited to execute common industrial protocol (CIP) programming and configuration commands, with a CVSS v3.1 score of 8.4.
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the vulnerability and its potential impact on affected ControlLogix controllers.
– Claroty, an operational technology security company, discovered and reported the vulnerability and developed a technique to bypass the trusted slot feature, potentially allowing unauthorized access over the CIP protocol.
– Following responsible disclosure, the vulnerability has been addressed in specific versions of ControlLogix 5580, GuardLogix 5580, and certain network modules.
– The vulnerability had the potential to expose critical control systems to unauthorized access over the CIP protocol originating from untrusted chassis slots.
Let me know if you need any more information or if there’s anything else I can assist you with.