{"id":166581,"date":"2024-08-05T09:50:32","date_gmt":"2024-08-05T09:50:32","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=166581"},"modified":"2024-08-05T09:50:33","modified_gmt":"2024-08-05T09:50:33","slug":"rockwell-automation-controllogix-1756-flaw","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/166581\/ics-scada\/rockwell-automation-controllogix-1756-flaw.html","title":{"rendered":"A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access"},"content":{"rendered":"
<\/div>\n

A security bypass bug in Rockwell Automation ControlLogix 1756 devices could allow unauthorized access to vulnerable devices.<\/h2>\n\n\n\n

A high-severity security bypass vulnerability, tracked as CVE-2024-6242 (CVSS v4.0 base score of 7.3), impacts Rockwell Automation ControlLogix 1756 devices. An attacker can exploit the vulnerability to execute Common Industrial Protocol (CIP) programming and configuration commands.<\/p>\n\n\n\n

“A vulnerability exists in the affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller,” reads the advisory published by the vendor. “If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and\/or device configuration on a Logix controller in the chassis.”<\/p>\n\n\n\n

The vulnerability impacts the following versions of ControlLogix, GuardLogix, and 1756 ControlLogix I\/O Modules:<\/p>\n\n\n\n