OTPulse

Rockwell Automation SequenceManager

Plan Patch · 7.5 · ICS-CERT ICSA-24-254-03 · Sep 10, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Rockwell Automation SequenceManager versions prior to 2.0 contain a vulnerability that allows remote attackers to cause a denial-of-service condition through a specially crafted request. The vulnerability is triggered by improper input validation (CWE-20) and results in service unavailability or crash. SequenceManager versions 2.0 and later contain the fix. Users unable to upgrade are advised to apply network isolation and access controls.

What this means
What could happen
An attacker could cause the SequenceManager service to become unavailable, disrupting sequence execution and process automation in Rockwell Automation environments. This would halt automated control logic until the service is restored.
Who's at risk
Water utilities, municipal electric systems, and other critical infrastructure operators using Rockwell Automation SequenceManager versions prior to 2.0 for process automation and sequence control logic. This affects any facility relying on SequenceManager to orchestrate automated industrial processes.
How it could be exploited
An attacker with network access to SequenceManager (typically port 5000 or configured management port) can send a specially crafted request that triggers a denial-of-service condition, crashing or hanging the service. No authentication is required.
Prerequisites
  • Network access to SequenceManager management interface
  • SequenceManager version prior to 2.0 deployed and exposed to network
remotely exploitable · no authentication required · low complexity · no patch available for affected versions
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SequenceManager: <2.0 | <2.0 | 2.0 or later
Remediation & Mitigation
Do now
  • HARDENING: Place SequenceManager behind a firewall and restrict network access to authorized engineering workstations only
  • HARDENING: Isolate SequenceManager and connected automation systems from the business network and internet
  • WORKAROUND: If remote access to SequenceManager is required, implement VPN with current security updates
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade SequenceManager to version 2.0 or later
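
One way to check the hardening items above against observed traffic, as an added example (not OTPulse's or Rockwell Automation's code): it flags flows that reach the SequenceManager management port from outside the engineering-workstation allowlist and ranks hits on pre-2.0 hosts higher. The addresses, inventory, flow-record layout and function names are constructed assumptions; port 5000 is the value the advisory calls typical.

```python
import ipaddress

MGMT_PORT = 5000   # "typical" port per the advisory; set to the configured one
FIXED = (2, 0)     # first fixed SequenceManager version

# Constructed sample data (assumptions, not from the advisory).
INVENTORY = {"10.20.1.10": "1.4", "10.20.1.11": "2.0", "10.20.1.12": "1.9.3"}
ALLOWED = [ipaddress.ip_network("10.20.5.0/28")]   # engineering workstations
FLOWS = [  # (source, destination, destination port)
    ("10.20.5.3", "10.20.1.10", 5000),     # authorized workstation
    ("192.168.40.7", "10.20.1.10", 5000),  # business network -> unpatched host
    ("192.168.40.7", "10.20.1.11", 5000),  # business network -> patched host
    ("10.20.5.4", "10.20.1.12", 443),      # different service, ignored
    ("203.0.113.9", "10.20.1.12", 5000),   # external source -> unpatched host
]

def is_affected(version):
    """True when the version string is lower than 2.0."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (2 - len(parts))       # treat "2" as "2.0"
    return parts < FIXED

def affected_hosts(inventory):
    """Hosts that still need the upgrade to 2.0 or later."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

def authorized(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in ALLOWED)

def audit(flows, inventory):
    """Return (severity, src, dst) for each flow that violates the isolation rule."""
    findings = []
    for src, dst, port in flows:
        if dst not in inventory or port != MGMT_PORT or authorized(src):
            continue
        # HIGH: unauthorized source can reach a version that has the DoS flaw.
        # POLICY: host is fixed, but the firewall restriction is still missing.
        severity = "HIGH" if is_affected(inventory[dst]) else "POLICY"
        findings.append((severity, src, dst))
    return findings

if __name__ == "__main__":
    print("Needs upgrade:", affected_hosts(INVENTORY))
    for finding in audit(FLOWS, INVENTORY):
        print(*finding)
```
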