A high-severity safety bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 units which may be exploited to execute not unusual commercial protocol (CIP) programming and configuration instructions.
The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS v3.1 ranking of 8.4.
“A vulnerability exists within the affected merchandise that permits a risk actor to avoid the Depended on Slot characteristic in a ControlLogix controller,” the U.S. Cybersecurity and Infrastructure Safety Company (CISA) stated in an advisory.
“If exploited on any affected module in a 1756 chassis, a risk actor may doubtlessly execute CIP instructions that vary person tasks and/or software configuration on a Logix controller within the chassis.”
Operational era safety corporate Claroty, which found out and reported the vulnerability, stated it evolved one way that made it conceivable to avoid the depended on slot characteristic and ship malicious instructions to the programming good judgment controller (PLC) CPU.
The depended on slot characteristic “enforces safety insurance policies and permits the controller to disclaim communique by means of untrusted paths at the native chassis,” safety researcher Sharon Brizinov stated.
“The vulnerability we discovered, prior to it used to be mounted, allowed an attacker to leap between native backplane slots inside a 1756 chassis the use of CIP routing, traversing the protection boundary supposed to offer protection to the CPU from untrusted playing cards.”
Whilst a a hit exploit calls for community get entry to to the software, an attacker may benefit from the flaw to ship increased instructions, together with downloading arbitrary good judgment to the PLC CPU, despite the fact that the attacker is situated in the back of an untrusted community card.
Following accountable disclosure, the inability has been addressed within the following variations –
- ControlLogix 5580 (1756-L8z) – Replace to variations V32.016, V33.015, V34.014, V35.011, and later.
- GuardLogix 5580 (1756-L8zS) – Replace to variations V32.016, V33.015, V34.014, V35.011 and later.
- 1756-EN4TR – Replace to variations V5.001 and later.
- 1756-EN2T Collection D, 1756-EN2F Collection C, 1756-EN2TR Collection C, 1756-EN3TR Collection B, and 1756-EN2TP Collection A – Replace to model V12.001 and later
“This vulnerability had the prospective to reveal important regulate methods to unauthorized get entry to over the CIP protocol that originated from untrusted chassis slots,” Brizinov stated.