ID

VAR-202409-2142


CVE

CVE-2024-6436


TITLE

Rockwell Automation SequenceManager Input Validation Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-46728

DESCRIPTION

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences; however, the equipment sequence would continue to execute uninterrupted. Rockwell Automation SequenceManager is a controller-based basic batch management system from Rockwell Automation, USA.

Trust: 1.44

sources: NVD: CVE-2024-6436 // CNVD: CNVD-2024-46728

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-46728

AFFECTED PRODUCTS

vendor: rockwell
model: automation rockwell automation sequencemanager
scope: lt
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-46728

CVSS

SEVERITY

CVSSV2

CVSSV3

PSIRT@rockwellautomation.com: CVE-2024-6436
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-46728
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-46728
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-46728 // NVD: CVE-2024-6436

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2024-6436

PATCH

title: Patch for Rockwell Automation SequenceManager Input Validation Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/634586

Trust: 0.6

sources: CNVD: CNVD-2024-46728

EXTERNAL IDS

db: NVD, id: CVE-2024-6436

Trust: 1.6

db: CNVD, id: CNVD-2024-46728

Trust: 0.6

sources: CNVD: CNVD-2024-46728 // NVD: CVE-2024-6436

REFERENCES

url:https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1679.html

Trust: 1.6

sources: CNVD: CNVD-2024-46728 // NVD: CVE-2024-6436

SOURCES

db: CNVD, id: CNVD-2024-46728
db: NVD, id: CVE-2024-6436

LAST UPDATE DATE

2024-12-21T23:01:33.450000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-46728, date: 2024-12-02T00:00:00
db: NVD, id: CVE-2024-6436, date: 2024-09-30T12:45:57.823

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-46728, date: 2024-12-02T00:00:00
db: NVD, id: CVE-2024-6436, date: 2024-09-27T20:15:06.043