OTPulse

Rockwell Automation DataMosaix Private Cloud

Act Now · 9.1 · ICS-CERT ICSA-24-226-05 · Aug 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

DataMosaix Private Cloud versions prior to 7.07 contain an authentication bypass vulnerability (CWE-287) that allows an attacker to generate valid session cookies for any user ID without providing credentials. Successful exploitation grants unauthorized access to user accounts and the application.

What this means
What could happen
An attacker could log into DataMosaix Private Cloud as any user without knowing credentials, gaining unauthorized access to industrial data analytics and potentially manipulating monitored process parameters or operational insights that depend on accurate data.
Who's at risk
This affects water utilities, electric utilities, and other industrial operators who use Rockwell Automation's DataMosaix Private Cloud for operational data analytics and process monitoring. Organizations relying on DataMosaix for insights into SCADA data, equipment performance, or process control decisions are at risk.
How it could be exploited
An attacker with network access to the DataMosaix Private Cloud interface can send a crafted request to the authentication endpoint that bypasses credential validation and generates a valid session cookie for a target user ID. The attacker can then use this cookie to gain authenticated access to the application as that user.
Prerequisites
  • Network access to the DataMosaix Private Cloud web interface
  • Knowledge of a valid user ID in the system
  • No authentication credentials required
Remotely exploitable · No authentication required · Low complexity · Affects industrial data analytics systems · No patch available for versions before 7.07
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
DataMosaix Private Cloud: <7.07 | <7.07 | 7.09
Remediation & Mitigation
Do now
HARDENING: Restrict network access to DataMosaix Private Cloud to authorized users only; place the system behind a firewall and isolate it from the internet and business networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade DataMosaix Private Cloud to version 7.09 or later
Long-term hardening
HARDENING: Implement Virtual Private Network (VPN) access for remote connections to DataMosaix Private Cloud
HARDENING: Monitor for suspicious authentication activity and session anomalies; implement logging and alerting on failed and successful login attempts
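
One way to act on the monitoring item above, as an added example that is not part of the advisory or of Rockwell Automation's tooling: because the flaw yields valid session cookies without credentials, this script flags sessions that show up in request logs with no preceding successful login, or that are used under a different user than the one who logged in. The JSON field names and the sample events are constructed assumptions, not DataMosaix's log format.

```python
import json

# Constructed sample events (JSON lines). Field names are assumptions for this
# example, not DataMosaix's log schema; map them to what your proxy or app logs.
SAMPLE_LOG = """\
{"ts": "2024-08-13T10:00:01Z", "event": "login_failure", "user": "alice", "src": "10.0.5.20"}
{"ts": "2024-08-13T10:00:09Z", "event": "login_success", "user": "alice", "src": "10.0.5.20", "session": "s-1001"}
{"ts": "2024-08-13T10:01:00Z", "event": "request", "user": "alice", "src": "10.0.5.20", "session": "s-1001", "path": "/dashboards"}
{"ts": "2024-08-13T10:02:30Z", "event": "request", "user": "admin", "src": "10.0.9.77", "session": "s-2002", "path": "/users"}
{"ts": "2024-08-13T10:03:00Z", "event": "request", "user": "bob", "src": "10.0.5.20", "session": "s-1001", "path": "/dashboards"}
"""

def find_session_anomalies(lines):
    """Return alerts for sessions used without a matching credentialed login."""
    issued = {}      # session id -> user who authenticated for it
    alerted = set()  # (session id, reason) pairs already reported
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        sid = ev.get("session")
        if ev["event"] == "login_success" and sid:
            issued[sid] = ev["user"]
        elif ev["event"] == "request" and sid:
            if sid not in issued:
                reason = "session_without_login"   # cookie never tied to a login
            elif issued[sid] != ev["user"]:
                reason = "session_user_mismatch"   # session reused as another user
            else:
                continue
            key = (sid, reason)
            if key not in alerted:                 # one alert per session and reason
                alerted.add(key)
                alerts.append({"ts": ev["ts"], "reason": reason, "user": ev["user"],
                               "src": ev["src"], "session": sid})
    return alerts

if __name__ == "__main__":
    for alert in find_session_anomalies(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

Sessions issued before the start of the log window will also be flagged, so seed the `issued` map from the live session store or start the window at a service restart.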