Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

05-August-24

The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS v3.1 score of 8.4.


A vulnerability exists in the affected products that allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)


Following responsible disclosure, the shortcoming has been addressed in the following versions:


ControlLogix 5580 (1756-L8z) - Update to versions V32.016, V33.015, V34.014, V35.011, and later.


GuardLogix 5580 (1756-L8zS) - Update to versions V32.016, V33.015, V34.014, V35.011 and later.


1756-EN4TR - Update to version V5.001 and later.


1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A - Update to version V12.001 and later.
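
The fixed-release list above can be applied to an asset inventory to find devices that still need the update. The following is an added example, not code from Rockwell Automation or CISA; it assumes "and later" means a later build within the same major release or any newer major release, that major releases older than the lowest listed one have no fix, and that the inventory rows (asset names and installed versions) are constructed sample data.

```python
import re

# Fixed releases exactly as listed in the article above.
L8 = ["V32.016", "V33.015", "V34.014", "V35.011"]
FIXED = {
    "ControlLogix 5580": L8,
    "GuardLogix 5580": L8,
    "1756-EN4TR": ["V5.001"],
    "1756-EN2T Series D": ["V12.001"],
    "1756-EN2F Series C": ["V12.001"],
    "1756-EN2TR Series C": ["V12.001"],
    "1756-EN3TR Series B": ["V12.001"],
    "1756-EN2TP Series A": ["V12.001"],
}

def parse_version(text):
    """'V33.015' or '33.15' -> (33, 15); anything else raises ValueError."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def status(product, firmware):
    """Return 'fixed', 'update' or 'not-listed' for one device."""
    if product not in FIXED:
        return "not-listed"  # product is not named in the article
    major, minor = parse_version(firmware)
    trains = dict(parse_version(v) for v in FIXED[product])
    if major in trains:
        # Assumption: within a listed major release, compare the minor number.
        return "fixed" if minor >= trains[major] else "update"
    # Assumption: majors newer than every listed one carry the fix; older do not.
    return "fixed" if major > max(trains) else "update"

# Constructed inventory rows: (asset name, product, installed firmware).
INVENTORY = [
    ("line1-plc", "ControlLogix 5580", "V33.014"),
    ("line2-plc", "ControlLogix 5580", "V35.011"),
    ("safety-plc", "GuardLogix 5580", "V31.011"),
    ("chassis3-enet", "1756-EN4TR", "V4.001"),
    ("chassis4-enet", "1756-EN2T Series D", "V12.001"),
]

def audit(inventory):
    """Return the assets that still need a firmware update."""
    return [name for name, product, fw in inventory if status(product, fw) == "update"]

if __name__ == "__main__":
    print(audit(INVENTORY))
```
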


“This vulnerability had the potential to expose critical control systems to unauthorized access over the CIP protocol that originated from untrusted chassis slots
