Critical Security Bypass Vulnerability Found in Rockwell Automation ControlLogix 1756 Devices

August 5, 2024

A significant security bypass vulnerability, identified as CVE-2024-6242, has been revealed in Rockwell Automation ControlLogix 1756 devices. This flaw could potentially be exploited by cybercriminals to execute Common Industrial Protocol (CIP) programming and configuration commands.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory stating, 'A vulnerability exists in the affected products that allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.'

The vulnerability was discovered and reported by operational technology security firm Claroty, which developed a method to bypass the trusted slot feature and send harmful commands to the programmable logic controller (PLC) CPU. According to security researcher Sharon Brizinov, 'The trusted slot feature enforces security policies and allows the controller to deny communication via untrusted paths on the local chassis. The vulnerability we found, before it was fixed, allowed an attacker to jump between local backplane slots within a 1756 chassis using CIP routing, traversing the security boundary meant to protect the CPU from untrusted cards.'

While successful exploitation requires network access to the device, an attacker could leverage the flaw to send elevated commands, including downloading arbitrary logic to the PLC CPU, even from an untrusted network card.

Following responsible disclosure, the vulnerability has been fixed in the latest versions. 'This vulnerability had the potential to expose critical control systems to unauthorized access over the CIP protocol that originated from untrusted chassis slots,' Brizinov concluded.
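For defenders monitoring CIP traffic, the sketch below is an added example (not code from Claroty, Rockwell Automation, or CISA) that decodes the port segments of a captured CIP route path and flags back-to-back backplane hops, the "jump between local backplane slots" pattern described above. It assumes port 1 is the chassis backplane and that a routine local path needs only one backplane hop; the function names and the heuristic are illustrative.

```python
BACKPLANE_PORT = 1  # assumption: port 1 is the chassis backplane on 1756 modules

def parse_port_segments(path: bytes):
    """Decode the leading CIP port segments into (port, link_address) hops."""
    hops, i = [], 0
    try:
        while i < len(path) and path[i] >> 5 == 0:  # top bits 000 = port segment
            start, seg = i, path[i]
            i += 1
            port, link_len = seg & 0x0F, 1
            if seg & 0x10:                 # extended link address: size byte follows
                link_len = path[i]
                i += 1
            if port == 0x0F:               # extended port: 16-bit id follows
                port = path[i] | (path[i + 1] << 8)
                i += 2
            if port == 0 or i + link_len > len(path):
                raise ValueError("malformed port segment")
            hops.append((port, path[i:i + link_len]))
            i += link_len
            i += (i - start) % 2           # pad byte keeps segments 16-bit aligned
    except IndexError:
        raise ValueError("truncated port segment") from None
    return hops

def consecutive_backplane_hops(path: bytes):
    """Slots in the longest run of back-to-back backplane hops in the path."""
    best, run = [], []
    for port, link in parse_port_segments(path):
        # A non-backplane hop (e.g. out an Ethernet port) ends the run.
        run = run + [link[0]] if port == BACKPLANE_PORT and len(link) == 1 else []
        if len(run) > len(best):
            best = run
    return best

def is_suspicious(path: bytes) -> bool:
    """Heuristic: more than one backplane hop in a row stays inside one chassis."""
    return len(consecutive_backplane_hops(path)) > 1

if __name__ == "__main__":
    # Constructed sample route paths (not taken from real traffic).
    samples = {
        "single hop to slot 0": bytes([0x01, 0x00]),
        "bridge to remote chassis": bytes([0x01, 0x02, 0x12, 0x09]) + b"192.0.2.5" + bytes([0x00, 0x01, 0x00]),
        "slot-to-slot hop": bytes([0x01, 0x02, 0x01, 0x00]),
    }
    for name, raw in samples.items():
        print(f"{name}: hops={parse_port_segments(raw)} suspicious={is_suspicious(raw)}")
```

A hit is a lead for review against the chassis's trusted-slot configuration, not proof of exploitation.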
