{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6242","assignerOrgId":"b73dd486-f505-4403-b634-40b078b177f0","state":"PUBLISHED","assignerShortName":"Rockwell","dateReserved":"2024-06-21T12:21:00.689Z","datePublished":"2024-08-01T15:15:32.220Z","dateUpdated":"2025-09-25T13:34:40.444Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ControlLogix® 5580 (1756-L8z)","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"V28"}]},{"defaultStatus":"unaffected","product":"GuardLogix® 5580 (1756-L8zS)","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"V31"}]},{"defaultStatus":"unaffected","product":"1756-EN4TR","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"V2"}]},{"defaultStatus":"unaffected","platforms":["Series A/B/C"],"product":"1756-EN2T","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"v5.007(unsigned)/v5.027(signed)"}]},{"defaultStatus":"unaffected","platforms":["Series A/B"],"product":"1756-EN2F","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"v5.007(unsigned)/v5.027(signed)"}]},{"defaultStatus":"unaffected","platforms":["Series A/B"],"product":"1756-EN2TR","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"v5.007(unsigned)/v5.027(signed)"}]},{"defaultStatus":"unaffected","platforms":["Series B"],"product":"1756-EN3TR","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"v5.007(unsigned)/v5.027(signed)"}]},{"defaultStatus":"unaffected","platforms":["Series D"],"product":"1756-EN2T","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"1756-EN2T/D: V10.006"}]},{"defaultStatus":"unaffected","product":"1756-EN2F","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"1756-EN2F/C: V10.009"}]},{"defaultStatus":"unaffected","platforms":["Series C"],"product":"1756-EN2TR","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"1756-EN2TR/C: V10.007"}]},{"defaultStatus":"unaffected","platforms":["Series B"],"product":"1756-EN3TR","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"1756-EN3TR/B: V10.007"}]},{"defaultStatus":"unaffected","platforms":["Series A"],"product":"1756-EN2TP","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"1756-EN2TP/A: V10.020"}]}],"credits":[{"lang":"en","type":"finder","value":"Claroty reported this vulnerability."}],"datePublic":"2024-08-01T13:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.  "}],"value":"A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis."}],"impacts":[{"capecId":"CAPEC-216","descriptions":[{"lang":"en","value":"CAPEC-216 Communication Channel Manipulation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.3,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-420","description":"CWE-420: Unprotected Alternate Channel","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b73dd486-f505-4403-b634-40b078b177f0","shortName":"Rockwell","dateUpdated":"2024-08-01T15:15:32.220Z"},"references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html"}],"source":{"advisory":"SD1682","discovery":"EXTERNAL"},"title":"Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

\n\n

Affected Product

First Known in Firmware Revision

Corrected in Firmware Revision

ControlLogix® 5580 (1756-L8z)

V28

V32.016, V33.015, V34.014,  
V35.011 and later

 

GuardLogix® 5580 (1756-L8zS)

V31

V32.016, V33.015, V34.014,  
V35.011 and later

1756-EN4TR

V2

V5.001 and later

1756-EN2T, Series A/B/C

1756-EN2F, Series A/B

1756-EN2TR, Series A/B

1756-EN3TR, Series B

v5.007(unsigned)/v5.027(signed)

No fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability

1756-EN2T, Series D

1756-EN2F, Series C

1756-EN2TR, Series C

1756-EN3TR, Series B

1756-EN2TP, Series A

1756-EN2T/D: V10.006

1756-EN2F/C: V10.009

1756-EN2TR/C: V10.007

1756-EN3TR/B: V10.007

1756-EN2TP/A: V10.020

V12.001 and later

\n\n

\n\n

Users using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.   

"}],"value":"Affected Product \n\n\n\n\n\nFirst Known in Firmware Revision \n\n\n\n\n\nCorrected in Firmware Revision \n\n\n\n\n\nControlLogix® 5580 (1756-L8z) \n\n\n\n\n\nV28 \n\n\n\n\n\nV32.016, V33.015, V34.014,  \nV35.011 and later \n\n\n\n \n\n\n\n\n\nGuardLogix® 5580 (1756-L8zS) \n\n\n\n\n\nV31 \n\n\n\n\n\nV32.016, V33.015, V34.014,  \nV35.011 and later \n\n\n\n\n\n1756-EN4TR \n\n\n\n\n\nV2 \n\n\n\n\n\nV5.001 and later \n\n\n\n\n\n1756-EN2T, Series A/B/C \n\n\n\n1756-EN2F, Series A/B \n\n\n\n1756-EN2TR, Series A/B \n\n\n\n1756-EN3TR, Series B \n\n\n\n\n\nv5.007(unsigned)/v5.027(signed) \n\n\n\n\n\nNo fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability \n\n\n\n\n\n1756-EN2T, Series D \n\n\n\n1756-EN2F, Series C \n\n\n\n1756-EN2TR, Series C \n\n\n\n1756-EN3TR, Series B \n\n\n\n1756-EN2TP, Series A \n\n\n\n\n\n1756-EN2T/D: V10.006 \n\n\n\n1756-EN2F/C: V10.009 \n\n\n\n1756-EN2TR/C: V10.007 \n\n\n\n1756-EN3TR/B: V10.007 \n\n\n\n1756-EN2TP/A: V10.020 \n\n\n\n\n\nV12.001 and later \n\n\n\n\n\n\n\n\n\n\n\n\n\n\nUsers using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.   \n\n\n\n * Limit the allowed CIP commands on controllers by setting the mode switch to the RUN position. \n\n\n\n\n\n\n\n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-25T13:34:35.364759Z","id":"CVE-2024-6242","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-25T13:34:40.444Z"}}]}}