Vulnerability Overview
A critical vulnerability in Rockwell Automation’s ControlLogix 1756 series poses a significant risk to industrial control systems (ICS). Identified as CVE-2024-6242, this flaw undermines the trusted slot mechanism designed to prevent unauthorized access.

How the Vulnerability Works
The ControlLogix 1756 chassis contains various components connected via a backplane, and the trusted slot feature restricts communication to authorized slots. However, researchers from Claroty's Team82 discovered that the Common Industrial Protocol (CIP) routing mechanism could be exploited to bypass this security feature. Attackers can manipulate CIP routing to access the controller’s CPU, gaining control over functions typically reserved for authorized devices.
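
Because the bypass relies on manipulated CIP routing, one defensive check is to decode the route path of routed CIP requests captured on the network and compare the hops with the routes engineering has approved. The following is an added example, not code from Rockwell Automation or Team82; the approved-route list, the function names and the sample bytes are assumptions constructed for illustration.

```python
# Added example: decode the port segments of a CIP route path and compare
# the hops with an allowlist. All sample bytes below are constructed.

# Assumption: routes approved for this chassis, as (port, link) hop tuples.
# On 1756 modules port 1 is the backplane and the link is the slot number.
APPROVED_ROUTES = {
    ((1, 0),),  # entry module -> controller in slot 0
}

def parse_route(path: bytes):
    """Return [(port, link), ...] for the leading port segments of path."""
    hops, i = [], 0
    while i < len(path) and path[i] >> 5 == 0:   # 000x xxxx = port segment
        start, seg = i, path[i]
        i += 1
        port, size = seg & 0x0F, 1
        if port == 0:
            raise ValueError("reserved port identifier 0")
        if seg & 0x10:                           # extended link address size
            size = path[i]
            i += 1
        if port == 0x0F:                         # extended port identifier
            port = int.from_bytes(path[i:i + 2], "little")
            i += 2
        link = path[i:i + size]
        if size == 0 or len(link) != size:
            raise ValueError("truncated port segment")
        i += size
        i += (i - start) & 1                     # segments pad to even length
        hops.append((port, link[0] if size == 1 else link.decode("ascii", "replace")))
    return hops

def audit_route(path: bytes):
    """Return (verdict, hops): 'approved', 'unapproved' or 'malformed'."""
    try:
        hops = tuple(parse_route(path))
    except (ValueError, IndexError):
        return "malformed", ()
    return ("approved" if hops in APPROVED_ROUTES else "unapproved"), hops

LOCAL = bytes.fromhex("0100")                               # slot 0 only
REMOTE = b"\x01\x02\x12\x09" + b"192.0.2.7" + b"\x00\x01\x00"  # via another chassis

if __name__ == "__main__":
    for sample in (LOCAL, REMOTE, b"\x12\x20" + b"10.0"):
        print(sample.hex(), *audit_route(sample))
```

Routes that are unapproved or malformed are candidates for alerting; the allowlist has to be built from the plant's own engineered routes.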

The Impact
Exploitation of this vulnerability could allow attackers to control critical industrial processes, potentially causing severe disruptions. Given the extensive use of ControlLogix 1756 devices across industries, the consequences are far-reaching.

Mitigating the Risk
Rockwell Automation has issued a patch to fix the vulnerability. Users of ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules should apply this update immediately. Following guidance from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is also recommended to strengthen system defenses.

Conclusion
This vulnerability underscores the ongoing challenges in securing industrial control systems. While a patch is available, organizations must implement robust security practices, including regular updates, network segmentation, and employee training to protect against new threats.
