CVE-2024-6242

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.

CVSS

No CVSS.

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad en los productos afectados de Rockwell Automation que permite a un actor de amenazas eludir la función Trusted® Slot en un controlador ControlLogix®. Si se explota en cualquier módulo afectado en un chasis 1756, un actor de amenazas podría potencialmente ejecutar comandos CIP que modifiquen los proyectos de usuario y/o la configuración del dispositivo en un controlador Logix en el chasis.

01 Aug 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-01 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-6242

Mitre link : CVE-2024-6242

CVE.ORG link : CVE-2024-6242

JSON object : View

Products Affected

No product.

CWE

CWE-420

Unprotected Alternate Channel

{"id": "CVE-2024-6242", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-08-01T16:15:07.013", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html", "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-420"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis."}, {"lang": "es", "value": " Existe una vulnerabilidad en los productos afectados de Rockwell Automation que permite a un actor de amenazas eludir la funci\u00f3n Trusted\u00ae Slot en un controlador ControlLogix\u00ae. Si se explota en cualquier m\u00f3dulo afectado en un chasis 1756, un actor de amenazas podr\u00eda potencialmente ejecutar comandos CIP que modifiquen los proyectos de usuario y/o la configuraci\u00f3n del dispositivo en un controlador Logix en el chasis."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "PSIRT@rockwellautomation.com"}