Home technology security High-Severity Security Bypass Vulnerability Discovered in Rockwell Automation Logix Controllers
Security
CIO Bulletin
2024-08-05
Security flaw CVE-2024-6242 affects Rockwell Automation PLCs, potentially allowing unauthorized access and modifications.
A critical security vulnerability, tracked as CVE-2024-6242, has been identified in Rockwell Automation’s Logix programmable logic controllers (PLCs), including ControlLogix 1756 and GuardLogix models. The flaw, uncovered by industrial cybersecurity firm Claroty and confirmed by Rockwell Automation and CISA, exposes these controllers to potential bypass of security mechanisms.
The vulnerability affects the Trusted Slot feature in the ControlLogix 1756 chassis. This feature is intended to block communications from untrusted network cards, ensuring secure interactions within the system. However, Claroty’s research revealed that attackers could bypass this security feature, allowing them to send unauthorized CIP commands that could modify user projects or device configurations.
Claroty's findings describe an attack method that involves exploiting the chassis' backplane—a circuit board connecting various modules within the 1756 chassis—and the Common Industrial Protocol (CIP) used for communication. By bypassing the Trusted Slot security, attackers can traverse the security boundary and potentially gain elevated access to the PLC CPU, even when originating from an untrusted network card.
Rockwell Automation has issued patches for the affected products and provided mitigation measures to address the vulnerability. Organizations using the impacted Logix controllers are advised to apply these updates promptly to secure their systems against potential exploitation.
Digital-marketing
Artificial-intelligence
Lifestyle-and-fashion
Food-and-beverage