Unprotected Alternate Channel in Rockwell Automation Logix Controllers



Published: 2024-08-02 | Updated: 2024-08-02

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Unprotected Alternate Channel

EUVDB-ID: #VU95171

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-6242

CWE-ID: CWE-420 - Unprotected Alternate Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unprotected alternate channel within the Trusted Slot feature. A remote user can execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ControlLogix: 28

GuardLogix: 31

1756-EN4TR: 2

1756-EN2T Series A: 5.007 - 5.027

1756-EN2T Series B: 5.007 - 5.027

1756-EN2T Series C: 5.007 - 5.027

1756-EN2F Series A: 5.007 - 5.027

1756-EN2F Series B: 5.007 - 5.027

1756-EN2TR Series A: 5.007 - 5.027

1756-EN2TR Series B: 5.007 - 5.027

1756-EN3TR Series B: 5.007 - 5.027

1756-EN2T Series D: 10.006

1756-EN2F Series C: 10.009

1756-EN2TR Series C: 10.007

1756-EN2TP Series A: 10.020

External links

http://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html
http://www.cisa.gov/news-events/ics-advisories/icsa-24-214-09
http://claroty.com/team82/research/bypassing-rockwell-automation-logix-controllers-local-chassis-security-protection
http://claroty.com/team82/disclosure-dashboard/cve-2024-6242


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###