Rockwell Automation ControlLogix 1756 devices have been found to possess a high-security security bypass vulnerability that might be leveraged to execute commands for the standard industrial protocol, including programming and configuration.
It has been discovered that Rockwell Automation ControlLogix 1756 devices have a high-severity security bypass vulnerability that might be used to carry out programming and configuration commands for the common industrial protocol (CIP). With the CVE identifier CVE-2024-6242, the vulnerability has an 8.4 CVSS v3.1 score. The United States Cybersecurity and Infrastructure Security Agency (CISA) stated in an advisory that “a threat actor can circumvent the Trusted Slot feature in a ControlLogix controller by exploiting a vulnerability that exists in the affected products.”
A threat actor may be able to utilize any compromised module in a 1756 chassis to carry out CIP commands that alter user projects and/or device configuration on a Logix controller within the chassis.” The vulnerability was found and disclosed by the operational technology security company Claroty, which also claimed to have created a method that allowed malicious orders to be sent to the programming logic controller (PLC) CPU without using the trusted slot function.
According to security expert Sharon Brizinov, the trusted slot function “enforces security policies and allows the controller to deny communication via untrusted paths on the local chassis.” “The vulnerability we found in Rockwell devices, before it was fixed, allowed an attacker to jump between local backplane slots within a 1756 chassis using CIP routing, traversing the security boundary meant to protect the CPU from untrusted cards.” Even if the attacker is hidden behind an untrusted network card, they can still use the flaw to transmit elevated commands, such as uploading arbitrary logic to the PLC CPU, even though a successful exploit requires network access to the device.
The following versions have addressed the problem after responsible disclosure: Update to versions V32.016, V33.015, V34.014, V35.011, and later for ControlLogix 5580 (1756-L8z). Update to versions V32.016, V33.015, V34.014, V35.011, and later for GuardLogix 5580 (1756-L8zS). 1756-EN4TR: Upgrade to V5.001 and above versions. Update to version V12.001 and later for 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A.
“This vulnerability in Rockwell had the potential to expose critical control systems to unauthorized access over the CIP protocol that originated from untrusted chassis slots,” Brizinov stated.
Also read: Achieving Rapid Outcomes with AI-Driven Cloud Analytics
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
