Adrian Johnson
“`html
TLDR:
- Claroty’s Team82 identified a security flaw in Rockwell Automation ControlLogix 1756 devices.
- The vulnerability allowed attackers to bypass the trusted slot feature and send elevated commands to the PLC CPU.
Article Summary:
Researchers from Claroty’s Team82 discovered a security bypass vulnerability in Rockwell Automation ControlLogix 1756 devices that allowed attackers to bypass the trusted slot feature, enabling them to send elevated commands to the PLC CPU. This vulnerability, identified as CVE-2024-6242, had a CVSSv3 score of 8.4. Rockwell has released a fix for the issue, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory with mitigation guidance.
The vulnerability exploited the CIP routing protocol used in industrial networks, allowing attackers to move between local backplane slots within a 1756 chassis. By jumping between slots using CIP routing, attackers could bypass the security boundary meant to protect the CPU from untrusted cards. Claroty’s Team82 released a Snort rule to detect attempts to exploit this vulnerability via the CIP protocol.
To address the issue, Rockwell Automation recommended updating Logix controllers and affected modules to specific versions. The impact of this vulnerability highlighted the importance of effective OT cybersecurity programs and the need for product security within OT and ICS environments to combat escalating cyber threats in critical infrastructure sectors.
“`
