Critical Security Flaw in Rockwell Automation’s ControlLogix 1756 PLCs Threatens Industrial Manufacturing

August 6, 2024

A serious security flaw has been detected in Rockwell Automation's ControlLogix 1756 programmable logic controllers (PLCs). This vulnerability, identified as CVE-2024-6242, could enable unauthorized access and tampering with physical operations at industrial facilities. The security bypass vulnerability could expose critical infrastructure to potential cyberattacks affecting the operational technology (OT) that governs physical processes.

According to Claroty's Team82, the bug, which is rated 8.4 on the CVSS scale, could allow a remote attacker with network access to the device to issue elevated commands to the PLC's CPU from an untrusted chassis card. Sharon Brizinov, a researcher at Claroty, explained in a blog post about the bug, "Our technique allowed us to bypass the trusted slot feature implemented by Rockwell that enforces security policies and allows the controller to deny communication via untrusted paths on the local chassis." Consequently, successful attackers can download new logic for controlling a PLC's behavior and issue other elevated commands that could disrupt the physical operations of a manufacturing site.

Rockwell has released a fix for this vulnerability, and users are strongly advised to apply it immediately. The Cybersecurity and Infrastructure Security Agency has also issued mitigation advice, noting that the vulnerability has low attack complexity. According to Rockwell, ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules, which are extensively used in industrial manufacturing environments, are affected by this vulnerability.

The 1756 chassis, a modular enclosure that houses various cards within physical slots, is responsible for communicating with sensors, actuators, and other OT equipment. It also provides the physical and electrical connections that allow these components to interoperate and communicate with each other. All of this communication runs over a shared circuit board known as the backplane, using the Common Industrial Protocol (CIP).

To prevent unauthorized access to critical control systems via CIP, site security administrators are urged to promptly apply Rockwell's patches:

- ControlLogix 5580 (1756-L8z): Update to versions V32.016, V33.015, V34.014, V35.011, and later.
- GuardLogix 5580 (1756-L8zS): Update to versions V32.016, V33.015, V34.014, V35.011, and later.
- 1756-EN4TR: Update to versions V5.001 and later.
- 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A: Update to version V12.001 and later.
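To triage an asset inventory against the update list above, the following added example (not code from Rockwell, Claroty, or this article) flags modules running firmware older than the listed fixed revisions. The inventory rows are constructed, and the catalog pattern for 1756-L8z and the treatment of major branches with no listed fix as needing an update are assumptions.

```python
import re

# First fixed minor revision per major branch, from the update list above.
L8_FIXED = {32: 16, 33: 15, 34: 14, 35: 11}    # 1756-L8z and 1756-L8zS
EN4TR_FIXED = {5: 1}
EN_FIXED = {12: 1}
# The V12.001 fix is listed only for these module/series pairs.
EN_SERIES = {"1756-EN2T": "D", "1756-EN2F": "C", "1756-EN2TR": "C",
             "1756-EN3TR": "B", "1756-EN2TP": "A"}

def parse_version(text):
    """'V33.015' or '33.015' -> (33, 15)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def assess(catalog, firmware, series=None):
    """Return 'ok', 'update', or 'unlisted' (not covered by the list above)."""
    cat = catalog.strip().upper()
    # Assumption: the 'z' in 1756-L8z stands for the size digit plus suffix.
    if re.fullmatch(r"1756-L8\d[A-Z]*", cat):
        branches = L8_FIXED
    elif cat == "1756-EN4TR":
        branches = EN4TR_FIXED
    elif cat in EN_SERIES:
        if (series or "").strip().upper() != EN_SERIES[cat]:
            return "unlisted"          # other series are not in the list above
        branches = EN_FIXED
    else:
        return "unlisted"
    major, minor = parse_version(firmware)
    if major > max(branches):          # covered by "and later"
        return "ok"
    if major in branches:
        return "ok" if minor >= branches[major] else "update"
    return "update"                    # assumption: branch with no listed fix

# Constructed inventory rows: (catalog number, series, firmware revision).
INVENTORY = [("1756-L83E", None, "V33.011"), ("1756-L84ES", None, "V35.011"),
             ("1756-EN2T", "D", "11.004"), ("1756-EN2T", "B", "11.004"),
             ("1756-EN4TR", None, "5.001")]

if __name__ == "__main__":
    for cat, series, fw in INVENTORY:
        print(f"{cat:12} series={series or '-':2} fw={fw:8} -> {assess(cat, fw, series)}")
```

Rows reported as `unlisted` need to be checked against the vendor advisory directly, since this article does not give fixed revisions for them.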
