Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-6242

Aug. 1, 2024, 4:45 p.m.

Tags

PSIRT@rockwellautomation.com
2024-08-01
CVE-2024-6242
CWE-420

Product(s) Impacted

Rockwell Automation ControlLogix controller

Description

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.

Weaknesses

CWE-420
Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

CWE ID: 420

Date

Published: Aug. 1, 2024, 4:15 p.m.

Last Modified: Aug. 1, 2024, 4:45 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

PSIRT@rockwellautomation.com

References

https://www.rockwellautomation.com/ PSIRT@rockwellautomation.com