CVE-2024-6242

Published: Aug 1, 2024

Modified: Sep 25, 2025

PUBLISHED

Description

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.

Vendor	Product	Versions
Rockwell Automation	ControlLogix® 5580 (1756-L8z)	affected `V28`
Rockwell Automation	GuardLogix® 5580 (1756-L8zS)	affected `V31`
Rockwell Automation	1756-EN4TR	affected `V2`
Rockwell Automation	1756-EN2T	affected `v5.007(unsigned)/v5.027(signed)`
Rockwell Automation	1756-EN2F	affected `v5.007(unsigned)/v5.027(signed)`
Rockwell Automation	1756-EN2TR	affected `v5.007(unsigned)/v5.027(signed)`
Rockwell Automation	1756-EN3TR	affected `v5.007(unsigned)/v5.027(signed)`
Rockwell Automation	1756-EN2T	affected `1756-EN2T/D: V10.006`
Rockwell Automation	1756-EN2F	affected `1756-EN2F/C: V10.009`
Rockwell Automation	1756-EN2TR	affected `1756-EN2TR/C: V10.007`
Rockwell Automation	1756-EN3TR	affected `1756-EN3TR/B: V10.007`
Rockwell Automation	1756-EN2TP	affected `1756-EN2TP/A: V10.020`

Weaknesses (CWE)

CWE-420

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-6242

Description

Affected Products

Weaknesses (CWE)

References