CVERadar

CVE-2024-6242

Medium Severity

SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00235/1

CVE-2024-6242 poses a significant security risk to Rockwell Automation products. This vulnerability enables attackers to bypass the Trusted® Slot feature in a ControlLogix® controller. Exploitation of CVE-2024-6242 in a 1756 chassis could allow unauthorized execution of CIP commands. The attacker could then modify user projects and device configurations on a Logix controller. Although the SVRS of 30 indicates a lower immediate risk than vulnerabilities with scores above 80, the potential impact of this CWE-420 weakness should not be underestimated, as it can severely compromise industrial control systems. Mitigation steps should be taken based on organizational risk appetite, as the CVE is tagged as being exploited In The Wild. Exploitation can lead to operational disruption and financial losses.

In The Wild
2024-08-01

2024-08-01
SOCRadar
AI Insight

Description

CVE-2024-6242 is a vulnerability in Rockwell Automation products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. This could potentially allow an attacker to execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis. The SVRS for this vulnerability is 30, indicating a moderate level of risk.

Key Insights

  • This vulnerability could allow an attacker to gain control of a Logix controller, which could lead to a loss of control over the affected system.
  • The vulnerability is exploitable remotely, which means that an attacker does not need to have physical access to the affected system.
  • There are no known active exploits for this vulnerability, but it is possible that exploits could be developed in the future.

Mitigation Strategies

  • Update to the latest version of the affected software.
  • Disable the Trusted® Slot feature on affected devices.
  • Implement network segmentation to isolate critical systems from the internet.
  • Use a firewall to block unauthorized access to the affected systems.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • There are no known threat actors or APT groups that are actively exploiting this vulnerability.
  • This vulnerability is not currently being used in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Latest Dragos Platform Knowledge Pack Release Includes Expanded IoT Asset Categorization, High Severity Playbooks, Plus Critical Threat Detections
Camille Stauffer, 2024-12-02
In the ever-evolving landscape of cybersecurity, staying ahead of threats is paramount. At Dragos, we are committed to providing our...
dragos.com
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: A British national has been charged for his execution of a hack-to-trade scheme The Department of Justice charged a British national for hacking into the systems of five U.S. organizations. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. companies. Westbrook was arrested in the United Kingdom this week and is awaiting extradition to the United States. “Robert […] Critical NVIDIA Container Toolkit flaw could allow access to the underlying host A critical vulnerability in the NVIDIA Container Toolkit could allow a container
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: Israel army hacked the communication network of the Beirut Airport control tower Israel allegedly hacked Beirut airport's control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. The IDF breached the communication network of the control tower and threatened an Iranian civilian […] SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13 Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing the passwords of hundreds of millions of users in plaintext, violating data protection regulations. […] A cyberattack on Kuwait Health Ministry impacted hospitals in the country The Kuwait Health Ministry is recovering from a cyberattack that disrupted systems at multiple
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: A cyberattack on Kuwait Health Ministry impacted hospitals in the country The Kuwait Health Ministry is recovering from a cyberattack that disrupted systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s Health Ministry was the victim of a cyberattack that took systems at several of the country’s hospitals offline. The cyber attack also impacted the Ministry of Health website, which is still offline, and […] Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message UK police are investigating a cyberattack that disrupted Wi-Fi networks
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: Tor Project responded to claims that law enforcement can de-anonymize Tor users The maintainers of the Tor Project have responded to claims that German police have devised a technique to deanonymize users. The maintainers of the Tor Project have responded to claims that German law enforcement has devised a technique to deanonymize its users. According to German media, law enforcement has infiltrated the anonymizing network and in […] UNC1860 provides Iran-linked APTs with access to Middle Eastern networks Iran-linked APT group UNC1860 is operating as an initial access facilitator that provides remote

Social Media

UPDATE Rockwell fixed it (CVE-2024-6242), and a new Snort rule can now spot these attacks.
https://t.co/loKW9hLJVu - "Critical security vulnerability CVE-2024-6242 in Rockwell Automation ControlLogix 1756 devices allows remote access to compromise operational technology. Apply Rockwell’s patches immediately. #Xynik #Cybersecurity #IndustrialAutomation"
"Critical Flaw in Rockwell Automation Devices! Unauthorized access risk due to high-severity security bypass vulnerability (CVE-2024-6242). Update now to prevent CIP command execut... https://t.co/yRfrOa4k7a
"BREAKING: Critical flaw in Rockwell Automation devices allows unauthorized access! CVE-2024-6242 enables attackers to bypass security & execute malicious commands. Update now to... https://t.co/B0NbMwv1Uf
Severe Vulnerability in Rockwell Automation ControlLogix Devices: CVE-2024-6242 #rockwellautomation #cybersecurity #breakingnews https://t.co/7SsTYnTTHX
"BREAKING: High-severity security bypass vulnerability (CVE-2024-6242) found in Rockwell Automation Logix controllers! Patches released for affected products. Don't let hackers e... https://t.co/XglsjZUEEb
"ALERT! High-severity security bypass vulnerability (CVE-2024-6242) found in Rockwell Automation Logix controllers. Patch now to prevent potential attacks! #Cybersecurity #ICSsecur... https://t.co/OjONeR5hHE
"BREAKING: High-severity security bypass vulnerability (CVE-2024-6242) found in Rockwell Automation Logix controllers, allowing attackers to bypass Trusted Slot feature & execute... https://t.co/t2P9SvzeA5
"BREAKING: High-severity security bypass vulnerability (CVE-2024-6242) discovered in Rockwell Automation Logix controllers. Threat actors can bypass Trusted Slot feature, potential... https://t.co/XglsjZUEEb
"High-severity security bypass vulnerability found in Rockwell Automation Logix controllers! CVE-2024-6242 allows attackers to bypass Trusted Slot feature, potentially executing ma... https://t.co/696ZNP5r1e

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html

CWE Details

CWE ID: CWE-420
CWE Name: Unprotected Alternate Channel
Description: The software protects a primary channel, but it does not use the same level of protection for an alternate channel.
