Overview
Rockwell Automation has released updates to fix vulnerabilities in its products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-6242
- ControlLogix® 5580 (1756-L8z) version: V28
- GuardLogix® 5580 (1756-L8zS) version: V31
- 1756-EN4TR version: V2
- 1756-EN2T, Series A/B/C version: V5.007 (unsigned)/ V5.027 (signed)
- 1756-EN2F, Series A/B versions: V5.007 (unsigned)/ V5.027 (signed)
- 1756-EN2TR, Series A/B version: V5.007 (unsigned) / V5.027 (signed)
- 1756-EN3TR, Series B version: V5.007 (unsigned) / V5.027 (signed)
- 1756-EN2T, Series D version: V10.006
- 1756-EN2F, Series C version: V10.009
- 1756-EN2TR, Series C version: V10.007
- 1756-EN3TR, Series B version: V10.007
- 1756-EN2TP, Series A version: V10.020
Resolved Vulnerabilities
Authentication Bypass Vulnerability in Logix Controllers (CVE-2024-6242)
Vulnerability Patches
Patches for the vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-6242
- ControlLogix® 5580 (1756-L8z) versions: V32.016, V33.015, V34.014, V35.011 or later
- GuardLogix® 5580 (1756-L8zS) versions: V32.016, V33.015, V34.014, V35.011 or later
- 1756-EN4TR versions: V5.001 or later
- 1756-EN2T, Series A/B/C versions: Series D
- 1756-EN2F, Series A/B versions: Series D
- 1756-EN2TR, Series A/B versions: Series D
- 1756-EN3TR, Series B version: Series D
- 1756-EN2T, Series D versions: V12.001 or later
- 1756-EN2F, Series C versions: V12.001 or later
- 1756-EN2TR, Series C versions: V12.001 or later
- 1756-EN3TR, Series B versions: V12.001 or later
- 1756-EN2TP, Series A versions: V12.001 or later
Referenced Sites
[1] CVE-2024-6242 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-6242
[2] SD1682 | Chassis Restrictions Bypass Vulnerability in Select Logix Devices
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html
Article Link: Rockwell Automation Family Security Update Advisory (CVE-2024-6242) – ASEC