Advisory

Rockwell Automation ControlLogix 1756 devices are vulnerable to security bypass

Take action: If you are using Rockwell Automation ControlLogix devices, review the advisory and check whether you have applied all mitigating measures: isolation of access, network isolation, and restriction of CIP commands. Then plan for a patch.


Learn More

Rockwell Automation ControlLogix 1756 devices are affected by a high-severity security bypass vulnerability tracked as CVE-2024-6242 (CVSS score varies from 7.3 to 9.8).

The vulnerability permits an attacker to exploit Common Industrial Protocol (CIP) programming and configuration commands, bypassing the Trusted Slot feature in the ControlLogix controllers.

An attacker with network access to the affected device can use the vulnerability to send elevated CIP commands, exploiting the signaling of the Trusted Slot feature, and potentially modify user projects or device configurations on a Logix controller within the chassis. The flaw allows unauthorized traversal between local backplane slots using CIP routing, breaching the security boundaries meant to protect the PLC CPU from untrusted cards.

It affects the following Rockwell Automation devices:

  • ControlLogix 5580 (1756-L8z) with firmware versions up to V28 and V31.
  • GuardLogix 5580 (1756-L8zS) with firmware versions up to V28 and V31.
  • 1756-EN4TR with firmware version V2.
  • 1756-EN2T, 1756-EN2F, 1756-EN2TR, and 1756-EN3TR models of Series A, B, and C.

Rockwell Automation has addressed this vulnerability in its latest firmware updates, and users are strongly urged to apply these updates immediately. The flaw is fixed in versions:

  • ControlLogix 5580 (1756-L8z): V32.016, V33.015, V34.014, V35.011, and later.
  • GuardLogix 5580 (1756-L8zS): V32.016, V33.015, V34.014, V35.011, and later.
  • 1756-EN4TR: V5.001 and later.
  • 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A: V12.001 and later.

For devices that cannot be upgraded, the following mitigation measures are recommended:

  • Restrict CIP commands by setting the mode switch to RUN.
  • Minimize network exposure and ensure that control systems are not accessible from the internet.
  • Isolate control system networks from business networks using firewalls.
  • Use updated VPNs for secure remote access.
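
An added example, not part of the advisory or of any Rockwell Automation tooling: a triage script that compares an asset inventory against the fixed firmware versions listed above and separates devices that can be upgraded from those that need the mitigations. The inventory rows, status names and function names are constructed; treating controller releases above V35 as fixed and accepting suffix letters after 1756-L8z are assumptions.

```python
import re

# Minimum fixed build per controller firmware train (values from the advisory).
CONTROLLER_FIXED = {32: 16, 33: 15, 34: 14, 35: 11}
# Module catalog -> (hardware series the fix is listed for, minimum fixed version).
MODULE_FIXED = {
    "1756-EN4TR": (None, (5, 1)),   # advisory names no series for this module
    "1756-EN2T": ("D", (12, 1)),
    "1756-EN2F": ("C", (12, 1)),
    "1756-EN2TR": ("C", (12, 1)),
    "1756-EN3TR": ("B", (12, 1)),
    "1756-EN2TP": ("A", (12, 1)),
}

def parse_fw(text):
    # 'V33.015' -> (33, 15); anything else is rejected rather than guessed at.
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def triage(catalog, series, firmware):
    """Return 'fixed', 'upgrade', 'no-listed-fix' or 'not-in-advisory'."""
    major, minor = parse_fw(firmware)
    if re.fullmatch(r"1756-L8\d[A-Z]*", catalog):   # 1756-L8z / 1756-L8zS
        if major > max(CONTROLLER_FIXED):
            return "fixed"   # assumption: "and later" covers newer trains
        floor = CONTROLLER_FIXED.get(major)
        # Trains below V32 have no fixed build listed, so they need an upgrade.
        return "fixed" if floor is not None and minor >= floor else "upgrade"
    if catalog not in MODULE_FIXED:
        return "not-in-advisory"
    fixed_series, minimum = MODULE_FIXED[catalog]
    if fixed_series is not None and series.upper() != fixed_series:
        return "no-listed-fix"   # no fix listed for this series: apply mitigations
    return "fixed" if (major, minor) >= minimum else "upgrade"

# Constructed inventory rows: (catalog number, hardware series, firmware).
INVENTORY = [
    ("1756-L83E", "", "V33.011"),
    ("1756-L84ES", "", "V35.011"),
    ("1756-EN2T", "B", "V11.002"),
    ("1756-EN2TR", "C", "V11.004"),
    ("1756-EN4TR", "", "V5.001"),
]

def report(rows=INVENTORY):
    return [(c, s, f, triage(c, s, f)) for c, s, f in rows]

if __name__ == "__main__":
    for row in report():
        print(*row)
```

Devices reported as `no-listed-fix` are the ones to cover with the mode switch and network isolation measures above.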