August 6, 2024 at 09:05AM
A security vulnerability (CVE-2024-6242, CVSS 8.4) in Rockwell Automation ControlLogix 1756 devices allows remote attackers to send elevated commands, compromising operational technology. The bug bypasses Rockwell’s trusted slot mechanism, enabling unauthorized access to critical infrastructure. To mitigate, apply Rockwell’s patches immediately to affected devices widely used in industrial manufacturing environments.
Based on the meeting notes, here are the key takeaways:
– An important security bypass vulnerability in Rockwell Automation ControlLogix 1756 devices allows potential cyberattacks on the operational technology that controls physical processes.
– The vulnerability, known as CVE-2024-6242 and rated with a CVSS score of 8.4, could enable remote attackers with network access to send elevated commands to the CPU of a programmable logic controller (PLC) from an untrusted chassis card.
– This vulnerability can allow successful attackers to download new logic for controlling a PLC’s behavior and interfere with physical operations at a manufacturing site.
– Rockwell has released a fix, and it is crucial for users to apply it immediately. CISA has also published mitigation advice, noting that exploitation of this vulnerability is considered a low-complexity endeavor.
– The affected products include ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules, which are widely used in industrial manufacturing environments.
Also, to mitigate potential unauthorized access over the CIP protocol, administrators are advised to apply the following updates:
1. ControlLogix 5580 (1756-L8z) – Update to versions V32.016, V33.015, V34.014, V35.011, and later.
2. GuardLogix 5580 (1756-L8zS) – Update to versions V32.016, V33.015, V34.014, V35.011 and later.
3. 1756-EN4TR – Update to versions V5.001 and later.
4. 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A – Update to version V12.001 and later.