CVE-2024-6436

CVE-2024-6436 is a medium-severity vulnerability in Rockwellautomation Sequencemanager with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.

Key facts

Description

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted.

Frequently asked questions

What is CVE-2024-6436?
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted.
How severe is CVE-2024-6436?
CVE-2024-6436 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2024-6436 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (46th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2024-6436?
CVE-2024-6436 affects Rockwellautomation Sequencemanager. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2024-6436?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2024-6436 have an EU (EUVD) identifier?
Yes. CVE-2024-6436 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-47536.
When was CVE-2024-6436 published?
CVE-2024-6436 was published on 2024-09-27 and last updated on 2026-06-17.

References

Affected products (1)

Other CWE-20 (Improper Input Validation) vulnerabilities

Browse all CWE-20 (Improper Input Validation) vulnerabilities →