Unprotected Alternate Channel
CVE-2024-6242
Summary
A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.
- LOW
- NETWORK
- NONE
- LOW
CWE-420 - Unprotected Alternate Channel
The software protects a primary channel, but it does not use the same level of protection for an alternate channel.
References
Advisory Timeline
- Published
