Rockwell Automation Family Security Update Advisory (CVE-2024-6242)

Overview
 

Rockwell Automation has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.

Affected Products

 

CVE-2024-6242

  • ControlLogix® 5580 (1756-L8z) version: V28

 

  • GuardLogix® 5580 (1756-L8zS) version: V31

 

  • 1756-EN4TR version: V2
  • 1756-EN2T, Series A/B/C version: V5.007 (unsigned)/ V5.027 (signed)
  • 1756-EN2F, Series A/B versions: V5.007 (unsigned)/ V5.027 (signed)
  • 1756-EN2TR, Series A/B version: V5.007 (unsigned) / V5.027 (signed)
  • 1756-EN3TR, Series B version: V5.007 (unsigned) / V5.027 (signed)
     
  • 1756-EN2T, Series D version: V10.006
  • 1756-EN2F, Series C version: V10.009
  • 1756-EN2TR, Series C version: V10.007
  • 1756-EN3TR, Series B version: V10.007
  • 1756-EN2TP, Series A version: V10.020

     

 

Resolved Vulnerabilities

 

Authentication Bypass Vulnerability in Logix Controllers (CVE-2024-6242)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-6242

  • ControlLogix® 5580 (1756-L8z) versions: V32.016, V33.015, V34.014, V35.011 or later

 

  • GuardLogix® 5580 (1756-L8zS) versions: V32.016, V33.015, V34.014, V35.011 or later

 

  • 1756-EN4TR versions: V5.001 or later
  • 1756-EN2T, Series A/B/C versions: Series D
  • 1756-EN2F, Series A/B versions: Series D
  • 1756-EN2TR, Series A/B versions: Series D
  • 1756-EN3TR, Series B version: Series D
     
  • 1756-EN2T, Series D versions: V12.001 or later
  • 1756-EN2F, Series C versions: V12.001 or later
  • 1756-EN2TR, Series C versions: V12.001 or later
  • 1756-EN3TR, Series B versions: V12.001 or later
  • 1756-EN2TP, Series A versions: V12.001 or later

     

 

Referenced Sites

 

[1] CVE-2024-6242 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6242

[2] SD1682 | Chassis Restrictions Bypass Vulnerability in Select Logix Devices

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html

Article Link: Rockwell Automation Family Security Update Advisory (CVE-2024-6242) – ASEC