Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Rockwell Automation ControlLogix controller
Source
PSIRT@rockwellautomation.com
Tags
CVE-2024-6242 details
Published : Aug. 1, 2024, 4:15 p.m.
Last Modified : Aug. 1, 2024, 4:45 p.m.
Last Modified : Aug. 1, 2024, 4:45 p.m.
Description
A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-420 | Unprotected Alternate Channel | The product protects a primary channel, but it does not use the same level of protection for an alternate channel. |
References
| URL | Source |
|---|---|
| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html | PSIRT@rockwellautomation.com |
This website uses the NVD API, but is not approved or certified by it.