CVE-2024-6242 : A vulnerability exists in Rockwell Automation affected products that allows a th

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.

Published 2024-08-01 16:15:07

Updated 2024-08-01 16:45:25

Source Rockwell Automation

View at NVD, CVE.org

Products affected by CVE-2024-6242

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-6242

EPSS FAQ

0.24%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-6242

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.3	HIGH	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/V...	N/A	N/A	Rockwell Automation	2024-08-01
Attack Vector: Network Attack Complexity: Low Attack Requirements: Present Privileges Required: Low User Interaction: None Confidentiality (VC): Low Integrity (VI): High Availability (VA): High

CWE ids for CVE-2024-6242

CWE-420 Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

Assigned by: PSIRT@rockwellautomation.com (Secondary)

References for CVE-2024-6242

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html

Security Advisory | Rockwell Automation | US

Jump to

Vulnerability Details : CVE-2024-6242

Products affected by CVE-2024-6242

Exploit prediction scoring system (EPSS) score for CVE-2024-6242

CVSS scores for CVE-2024-6242

CWE ids for CVE-2024-6242

References for CVE-2024-6242