PT-2024-5335 · Rockwell Automation · 1756-En2Tr+6

Published 2024-08-01 · Updated 2026-04-15 · CVE-2024-6242

CVSS v4.0: 7.3 (High)

Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Rockwell Automation 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, 1756-EN2TP Series A

Description

A vulnerability in the affected Rockwell Automation products allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis. The vulnerability is related to the use of an unprotected alternative channel.

Recommendations

Rockwell has released an update that addresses this vulnerability. For Rockwell Automation 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, 1756-EN2TP Series A, update to the latest version that includes the fix. As a temporary workaround, consider restricting access to CIP commands to minimize the risk of exploitation. Avoid using the unprotected alternative channel until the issue is resolved.

Related Identifiers

BDU:2024-05963
CVE-2024-6242

Affected Products

1756-EN2F
1756-EN2T
1756-EN2TP
1756-EN2TR
1756-EN3TR
1756-EN4TR
ControlLogix