Rockwell Automation’s SequenceManager has been found to have a vulnerability, CVE-2024-6436, which could allow remote attackers to exploit improper input validation in the software. The flaw exists in versions prior to 2.0 of SequenceManager, a logix controller-based batch and sequencing solution. Exploiting this vulnerability could allow attackers to send malformed packets to the server, potentially causing a denial-of-service (DoS) condition. Once exploited, the device would become unresponsive, requiring a manual restart for recovery, and users would lose visibility and control over equipment sequences, although the sequences would continue executing normally.
The CVSS v4 score for this vulnerability is calculated at 8.7, indicating high severity. The flaw affects critical infrastructure sectors, specifically critical manufacturing, and impacts users globally. Despite the disruption caused to the device’s interface, the equipment would remain functional, albeit without user oversight or control. Rockwell Automation, headquartered in the United States, has reported the issue to CISA and strongly recommends users upgrade to version 2.0 or higher to address the vulnerability.
In addition to the upgrade, Rockwell Automation and CISA have suggested other defensive measures to minimize the risk of exploitation. These include minimizing network exposure for control systems by isolating them from business networks and ensuring they are not accessible from the internet. CISA also recommends using more secure methods for remote access, such as Virtual Private Networks (VPNs), which should be regularly updated to mitigate vulnerabilities. A proper risk assessment should be conducted before implementing any defensive strategies.
While no known public exploitation of the vulnerability has been reported, CISA encourages organizations to follow established cybersecurity practices and report any suspicious activity. They also emphasize educating users on avoiding social engineering and phishing attacks that could be used to compromise the security of control systems. CISA’s guidelines for defense-in-depth strategies are available, offering further resources for strengthening cybersecurity and preventing attacks targeting industrial control systems.
Reference:
