Security flaw discovered in Rockwell ControlLogix 1756 devices

August 4, 2024


TLDR:

  • Claroty’s Team82 identified a security flaw in Rockwell Automation ControlLogix 1756 devices.
  • The vulnerability allowed attackers to bypass the trusted slot feature and send elevated commands to the PLC CPU.

Article Summary:

Researchers from Claroty’s Team82 discovered a security bypass vulnerability in Rockwell Automation ControlLogix 1756 devices that allowed attackers to bypass the trusted slot feature, enabling them to send elevated commands to the PLC CPU. This vulnerability, identified as CVE-2024-6242, had a CVSSv3 score of 8.4. Rockwell has released a fix for the issue, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory with mitigation guidance.

The vulnerability exploited the CIP routing protocol used in industrial networks, allowing attackers to move between local backplane slots within a 1756 chassis. By jumping between slots using CIP routing, attackers could bypass the security boundary meant to protect the CPU from untrusted cards. Claroty’s Team82 released a Snort rule to detect attempts to exploit this vulnerability via the CIP protocol.
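For defenders who want to check captured CIP route paths for the slot-to-slot routing described above, the following added example (not from the original article, and not Team82's Snort rule) decodes the port segments of a CIP path and reports back-to-back backplane hops. It assumes that port 1 addresses the chassis backplane and that two consecutive backplane hops are worth an alert; the sample paths are constructed, not captured traffic.

```python
"""Added example: flag CIP route paths with consecutive local-backplane hops."""
from typing import List, Tuple

BACKPLANE_PORT = 1  # assumption: port 1 addresses the chassis backplane


def parse_port_segments(path: bytes) -> List[Tuple[int, bytes]]:
    """Decode the leading port segments of a padded CIP path into (port, link) hops."""
    hops, i = [], 0
    while i < len(path) and path[i] & 0xE0 == 0:  # top 3 bits 000 = port segment
        seg = path[i]
        port, extended_link = seg & 0x0F, bool(seg & 0x10)
        i += 1
        size = 1
        if extended_link:                 # next byte carries the link address size
            if i >= len(path):
                raise ValueError("truncated port segment")
            size = path[i]
            i += 1
        if port == 0x0F:                  # extended port id: 16-bit little-endian
            if i + 2 > len(path):
                raise ValueError("truncated extended port id")
            port = int.from_bytes(path[i:i + 2], "little")
            i += 2
        link = path[i:i + size]
        if len(link) != size:
            raise ValueError("truncated link address")
        i += size
        if extended_link and size % 2:    # pad byte keeps the segment 16-bit aligned
            i += 1
        hops.append((port, link))
    return hops


def consecutive_backplane_hops(path: bytes) -> List[Tuple[int, int]]:
    """Return (slot, next_slot) for each pair of back-to-back backplane hops."""
    hops = parse_port_segments(path)
    return [(a[1][0], b[1][0]) for a, b in zip(hops, hops[1:])
            if a[0] == b[0] == BACKPLANE_PORT and len(a[1]) == len(b[1]) == 1]


# Constructed sample paths (not captured traffic); 20 02 24 01 = class 2, instance 1.
SAMPLES = {
    "single hop": bytes.fromhex("0100" "20022401"),
    "via network": bytes.fromhex("0102" "120c") + b"192.168.1.10" + bytes.fromhex("0100"),
    "slot to slot": bytes.fromhex("0102" "0100" "20022401"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        found = consecutive_backplane_hops(raw)
        print(f"{name:12} {'ALERT' if found else 'ok':5} {found}")
```

A path that leaves the chassis through a network port before reaching another backplane is not flagged, because its two backplane hops belong to different chassis.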

To address the issue, Rockwell Automation recommended updating Logix controllers and affected modules to specific versions. The impact of this vulnerability highlighted the importance of effective OT cybersecurity programs and the need for product security within OT and ICS environments to combat escalating cyber threats in critical infrastructure sectors.

