Bypassing Rockwell Automation Logix Controllers’ Local Chassis Security Protection

Team82 disclosed CVE-2024-6242: a vulnerability in Rockwell Automation ControlLogix 1756 chassis where CIP routing can be used to 'jump' between local backplane slots and bypass the trusted-slot security, enabling an attacker with network access to send elevated commands (e.g., download logic) to the PLC CPU; Rockwell released a fix and the advisory includes a Snort rule to detect such 'jump' forward-open requests.