Rockwell PLC Security Bypass Threatens Manufacturing Processes

Published: 23/11/2024   Category: security




A security vulnerability in Rockwell Automation's ControlLogix 1756 programmable logic controllers, tracked as CVE-2024-6242, could allow tampering with physical processes at plants.



A security bypass vulnerability in Rockwell Automation ControlLogix 1756 devices could open critical infrastructure to cyberattacks on the operational technology (OT) that controls physical processes.
According to Claroty's Team82, the bug (CVE-2024-6242, CVSS 8.4) could allow a remote attacker with network access to the device to send elevated commands to the CPU of a programmable logic controller (PLC) from an untrusted chassis card.
"Our technique allowed us to bypass the trusted slot feature implemented by Rockwell that enforces security policies and allows the controller to deny communication via untrusted paths on the local chassis," Claroty researcher Sharon Brizinov explained in a blog posting on the bug.
The result? Successful attackers can download new logic for controlling a PLC's behavior, and send other elevated commands that would interfere with the physical operations of a manufacturing site.
Rockwell has issued a fix, and users are urged to apply it immediately; the Cybersecurity and Infrastructure Security Agency has published mitigation advice, noting that exploitation is a low-complexity endeavor.
According to Rockwell, ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules, widely deployed in industrial manufacturing environments, are affected by the vulnerability.
The 1756 chassis is a modular enclosure that houses various cards within physical slots that are responsible for communicating with sensors, actuators, and other OT equipment; they also provide the physical and electrical connections to allow those components to interoperate and talk to each other. All of the communication and connections are carried out via a shared circuit board known as the backplane, using the Common Industrial Protocol (CIP).
"A 1756 PLC in a production line might be connected to multiple sources via different network cards, for example, the human-machine interface (HMI) panel, engineering workstation, and other devices," Brizinov explained. "To ensure that only specific individual devices are performing elevated operations on the PLC, such as downloading logic, a security mechanism was introduced called trusted slot."
The trusted-slot feature ensures that only authorized slots can communicate with each other, protecting against potential tampering. It does this by requiring slots to essentially authenticate to the PLC.
However, Claroty found a way around that.
"Since all slots are connected via the backplane, and CIP supports path (routing), we could generate a CIP packet that will be routed through a trusted card before it reaches the CPU," according to the blog post. "Basically, the method involved jumping between local backplane slots… This technique allowed us to traverse the security boundary that was meant to protect the CPU from untrusted cards."
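The bypass rests on the CIP route carried in a request, so one thing a network monitor decoding EtherNet/IP can do is flag routes that hop across the local backplane twice in a row, which is the slot-to-slot bouncing Claroty describes. The following is an added example, not code from the article, Claroty or Rockwell; it assumes the Logix convention that port 1 is the backplane, and the sample routes are constructed.

```python
BACKPLANE_PORT = 1  # assumed: Logix backplane port identifier (port 2 = network)

def parse_cip_route(route: bytes):
    """Decode CIP port segments into a list of (port, link_address) hops."""
    hops, i = [], 0
    while i < len(route):
        seg = route[i]
        if (seg & 0xE0) != 0x00:    # segment type bits 000 = port segment
            raise ValueError(f"non-port segment 0x{seg:02x} at offset {i}")
        port = seg & 0x0F
        if port == 0x0F:            # extended port identifier: not handled here
            raise ValueError("extended port identifier not supported")
        i += 1
        if seg & 0x10:              # extended link address: size byte + address
            size = route[i]
            link = route[i + 1:i + 1 + size]
            i += 1 + size + (size & 1)   # odd-length addresses carry one pad byte
        else:                       # single-byte link address (a chassis slot)
            link = route[i:i + 1]
            i += 1
        hops.append((port, link))
    return hops

def is_suspicious_route(route: bytes) -> bool:
    """True when a route takes two backplane hops in a row, i.e. it is bounced
    from one local slot to another instead of going straight to its target.
    A legitimate remote route alternates backplane and network hops, so it is
    not flagged."""
    hops = parse_cip_route(route)
    return any(a[0] == BACKPLANE_PORT and b[0] == BACKPLANE_PORT
               for a, b in zip(hops, hops[1:]))

# Constructed sample routes (not captured traffic).
DIRECT = bytes([0x01, 0x00])                       # backplane -> slot 0 (the CPU)
REMOTE = (bytes([0x01, 0x01, 0x12, 0x0C]) + b"192.168.1.10"
          + bytes([0x01, 0x00]))                   # slot 1 bridge -> IP -> slot 0
CHAINED = bytes([0x01, 0x03, 0x01, 0x00])          # slot 3, then slot 0, both local

if __name__ == "__main__":
    for name, route in (("DIRECT", DIRECT), ("REMOTE", REMOTE), ("CHAINED", CHAINED)):
        print(name, parse_cip_route(route),
              "SUSPICIOUS" if is_suspicious_route(route) else "ok")
```

The heuristic is a starting point for alerting on unconnected or Forward Open requests, not a replacement for the patch; a single-hop route to the CPU from an untrusted slot is exactly what trusted slot already blocks.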
To prevent the exposure of critical control systems to unauthorized access over the CIP protocol, site security administrators should apply Rockwell's patches immediately:
ControlLogix 5580 (1756-L8z): Update to versions V32.016, V33.015, V34.014, V35.011, and later.
GuardLogix 5580 (1756-L8zS): Update to versions V32.016, V33.015, V34.014, V35.011 and later.
1756-EN4TR: Update to versions V5.001 and later.
1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, and 1756-EN2TP Series A: Update to version V12.001 and later.
