CVE-2024-6436

6.5 MEDIUM

📋 TL;DR

An input validation vulnerability in Rockwell Automation Sequence Manager allows attackers to send malformed packets that cause a denial-of-service condition. The device becomes unresponsive and requires a manual restart, and users lose visibility into downstream equipment sequences while operations continue. This affects industrial control systems using vulnerable Sequence Manager versions.

💻 Affected Systems

Products:
  • Rockwell Automation Sequence Manager
Versions: All versions prior to 6.01.00
Operating Systems: Windows-based industrial control systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using Sequence Manager for equipment sequence monitoring and control in industrial environments.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Critical industrial process disruption requiring manual restart, loss of operational visibility, and potential safety implications if operators cannot monitor equipment sequences.

🟠 Likely Case: Temporary denial-of-service requiring manual device restart and loss of monitoring capability for equipment sequences.

🟢 If Mitigated: No impact if proper network segmentation and input validation controls are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Vulnerability involves sending malformed packets to the server, which suggests relatively simple exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 6.01.00

Vendor Advisory: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1679.html

Restart Required: Yes

Instructions:

1. Download Sequence Manager version 6.01.00 from the Rockwell Automation website.
2. Back up the current configuration.
3. Install the update following vendor documentation.
4. Restart the system.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Sequence Manager to only authorized systems and users.

Firewall Rules

all

Implement firewall rules to block unnecessary traffic to Sequence Manager ports.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Sequence Manager from untrusted networks
  • Deploy intrusion detection/prevention systems to monitor for malformed packet patterns

🔍 How to Verify

Check if Vulnerable:

Check Sequence Manager version in application interface or installation directory. Versions below 6.01.00 are vulnerable.

Check Version:

Check application 'About' section or installation properties

Verify Fix Applied:

Confirm version is 6.01.00 or higher and test system responsiveness to normal operations.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service restarts
  • Connection errors to Sequence Manager
  • System unresponsiveness logs

Network Indicators:

  • Unusual packet patterns to Sequence Manager ports
  • Multiple connection attempts with malformed data

SIEM Query:

source="SequenceManager" AND (event_type="crash" OR event_type="unresponsive")
