CVE-2024-6242 HIGH

CVE-2024-6242: Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices

Vendor Rockwell Automation
Product ControlLogix® 5580 (1756-L8z)
Weakness CWE-420
Published August 1, 2024
Last update September 25, 2025

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H

What the vulnerability does

01 Description

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.

Key dates

02 Disclosure timeline

August 1, 2024 CVE published
September 25, 2025 Record updated