All the vulnerabilites related to Rockwell Automation - 1756-EN2TP
cve-2024-6242
Vulnerability from cvelistv5
Published
2024-08-01 15:15
Modified
2024-08-01 18:01
Summary
Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6242",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T18:00:51.414361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:01:01.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ControlLogix\u00ae 5580 (1756-L8z)",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "V28"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GuardLogix\u00ae 5580  (1756-L8zS)",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "V31"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "1756-EN4TR",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "V2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series A/B/C"
          ],
          "product": "1756-EN2T",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v5.007(unsigned)/v5.027(signed)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series A/B"
          ],
          "product": "1756-EN2F",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v5.007(unsigned)/v5.027(signed)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series A/B"
          ],
          "product": "1756-EN2TR",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v5.007(unsigned)/v5.027(signed)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series B"
          ],
          "product": "1756-EN3TR",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v5.007(unsigned)/v5.027(signed)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series D"
          ],
          "product": "1756-EN2T",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "1756-EN2T/D: V10.006"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "1756-EN2F",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "1756-EN2F/C: V10.009"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series C"
          ],
          "product": "1756-EN2TR",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "1756-EN2TR/C: V10.007"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series B"
          ],
          "product": "1756-EN3TR",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "1756-EN3TR/B: V10.007"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Series A"
          ],
          "product": "1756-EN2TP",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "1756-EN2TP/A: V10.020"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Claroty reported this vulnerability."
        }
      ],
      "datePublic": "2024-08-01T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis. \u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-216",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-216 Communication Channel Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-420",
              "description": "CWE-420: Unprotected Alternate Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-01T15:15:32.220Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html"
        }
      ],
      "source": {
        "advisory": "SD1682",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Product \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFirst Known in Firmware Revision \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eCorrected in Firmware Revision \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eControlLogix\u00ae 5580 (1756-L8z) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV28 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV32.016, V33.015, V34.014, \u0026nbsp;\u003cbr\u003eV35.011 and later \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eGuardLogix\u00ae 5580 (1756-L8zS) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV31 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV32.016, V33.015, V34.014, \u0026nbsp;\u003cbr\u003eV35.011 and later \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN4TR \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV2 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV5.001 and later \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2T, Series A/B/C \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2F, Series A/B \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TR, Series A/B \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN3TR, Series B \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003ev5.007(unsigned)/v5.027(signed) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eNo fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2T, Series D \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2F, Series C \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TR, Series C \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN3TR, Series B \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TP, Series A \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2T/D: V10.006 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2F/C: V10.009 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TR/C: V10.007 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN3TR/B: V10.007 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TP/A: V10.020 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV12.001 and later \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f\u003c/span\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eLimit the allowed CIP commands on controllers by setting the mode switch to the RUN position. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Affected Product \n\n\n\n\n\nFirst Known in Firmware Revision \n\n\n\n\n\nCorrected in Firmware Revision \n\n\n\n\n\nControlLogix\u00ae 5580 (1756-L8z) \n\n\n\n\n\nV28 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\u00a0\n\n\n\n\n\nGuardLogix\u00ae 5580 (1756-L8zS) \n\n\n\n\n\nV31 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\n\n1756-EN4TR \n\n\n\n\n\nV2 \n\n\n\n\n\nV5.001 and later \n\n\n\n\n\n1756-EN2T, Series A/B/C \n\n\n\n1756-EN2F, Series A/B \n\n\n\n1756-EN2TR, Series A/B \n\n\n\n1756-EN3TR, Series B \n\n\n\n\n\nv5.007(unsigned)/v5.027(signed) \n\n\n\n\n\nNo fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability \n\n\n\n\n\n1756-EN2T, Series D \n\n\n\n1756-EN2F, Series C \n\n\n\n1756-EN2TR, Series C \n\n\n\n1756-EN3TR, Series B \n\n\n\n1756-EN2TP, Series A \n\n\n\n\n\n1756-EN2T/D: V10.006 \n\n\n\n1756-EN2F/C: V10.009 \n\n\n\n1756-EN2TR/C: V10.007 \n\n\n\n1756-EN3TR/B: V10.007 \n\n\n\n1756-EN2TP/A: V10.020 \n\n\n\n\n\nV12.001 and later \n\n\n\n\n\n\n\n\n\n\n\n\n\n\nUsers using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f\u202f\u00a0\n\n\n\n  *  Limit the allowed CIP commands on controllers by setting the mode switch to the RUN position. \n\n\n\n\n\n\n\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-6242",
    "datePublished": "2024-08-01T15:15:32.220Z",
    "dateReserved": "2024-06-21T12:21:00.689Z",
    "dateUpdated": "2024-08-01T18:01:01.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}