Rockwell Automation SequenceManager

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-24-254-03 | Sep 10, 2024
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SequenceManager versions prior to 2.0 contain an input validation vulnerability (CWE-20) that could allow a remote attacker to cause a denial-of-service condition. Successful exploitation would crash the SequenceManager service, disrupting automation and sequencing operations. No public exploitation has been reported.

What this means
What could happen
A denial-of-service attack could crash SequenceManager, disrupting process automation and sequencing control across connected plant systems until the service is manually restarted.
Who's at risk
Rockwell Automation SequenceManager users in manufacturing, water treatment, utilities, and other process automation environments where sequence control is critical to operations. Any facility using SequenceManager versions prior to 2.0 for automated process sequencing, batch control, or multi-step production workflows.
How it could be exploited
An attacker with network access to SequenceManager could send malformed input (CWE-20: Improper Input Validation) to trigger a denial-of-service condition. The attack requires no authentication and can be executed remotely over the network.
Prerequisites
  • Network access to SequenceManager service port
  • No authentication required
  • Ability to send crafted network packets to the SequenceManager endpoint
Tags: remotely exploitable, no authentication required, low complexity, denial-of-service impact on process control
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
SequenceManager: <2.0 | <2.0 | 2.0+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SequenceManager to authorized engineering workstations and control systems only; block inbound connections from untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade SequenceManager to version 2.0 or later
Long-term hardening
HARDENING: Place SequenceManager on an isolated control system network behind firewalls, separate from business/IT networks
HARDENING: Implement network segmentation so SequenceManager is not directly accessible from the internet or from business networks
API: /api/v1/advisories/9747995e-f2dd-4c83-bf73-8c993de62928

Rockwell Automation SequenceManager | CVSS 7.5 - OTPulse