Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU95171
Risk: Medium
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-6242
CWE-ID:
CWE-420 - Unprotected Alternate Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to unprotected alternate channel within the Trusted Slot feature. A remote user can execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.
MitigationInstall updates from vendor's website.
Vulnerable software versionsControlLogix: 28
GuardLogix: 31
1756-EN4TR: 2
1756-EN2T Series A: 5.007 - 5.027
1756-EN2T Series B: 5.007 - 5.027
1756-EN2T Series C: 5.007 - 5.027
1756-EN2F Series A: 5.007 - 5.027
1756-EN2F Series B: 5.007 - 5.027
1756-EN2TR Series A: 5.007 - 5.027
1756-EN2TR Series B: 5.007 - 5.027
1756-EN3TR Series B: 5.007 - 5.027
1756-EN2T Series D: 10.006
1756-EN2F Series C: 10.009
1756-EN2TR Series C: 10.007
1756-EN2TP Series A: 10.020
External linkshttp://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html
http://www.cisa.gov/news-events/ics-advisories/icsa-24-214-09
http://claroty.com/team82/research/bypassing-rockwell-automation-logix-controllers-local-chassis-security-protection
http://claroty.com/team82/disclosure-dashboard/cve-2024-6242
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.