Rockwell Automation DataMosaix Private Cloud
Plan Patch · CVSS 8.8 · ICS-CERT ICSA-24-284-15 · Oct 10, 2024
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Rockwell Automation DataMosaix Private Cloud versions 7.07 and earlier contain authorization and data exposure vulnerabilities (CWE-200, CWE-862, CWE-863). An authenticated user can view customer data they should not have access to and create, modify, or delete projects. The vulnerabilities allow privilege escalation and unauthorized data access. Rockwell Automation has released version 7.09 with fixes.
What this means
What could happen
An authenticated attacker could view sensitive customer data and project information, or create, modify, or delete projects in DataMosaix Private Cloud, potentially disrupting data governance and operational insights across your monitored facilities.
Who's at risk
Organizations using Rockwell Automation DataMosaix Private Cloud to monitor production data and project information, including manufacturing facilities, water utilities, and power systems that rely on this cloud analytics platform for operational decision-making.
How it could be exploited
An attacker with valid login credentials to the DataMosaix Private Cloud web interface could exploit authorization flaws (CWE-862/863) to access data they should not have permission to view, or to modify or delete projects belonging to other customers or accounts. The web interface must be reachable over the network from the attacker's location, but no special network configuration is required.
Prerequisites
- Valid user credentials for DataMosaix Private Cloud
- Network access to the DataMosaix web interface (HTTP/HTTPS)
- Authentication to the application (login credentials required)
remotely exploitable · requires authentication · low complexity exploitation · affects data confidentiality and integrity · no public exploit but authenticated access is common threat
Affected products (1)
Product | Affected Versions | Fix Status
DataMosaix Private Cloud: <=7.07 | ≤ 7.07 | v7.09
Remediation & Mitigation
Do now
HARDENING: Restrict network access to DataMosaix Private Cloud to only authorized internal IP addresses and subnets; do not expose the web interface to the internet
HARDENING: Implement firewall rules to block inbound connections to DataMosaix from untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade DataMosaix Private Cloud from version 7.07 or earlier to version 7.09 or later
Long-term hardening
HARDENING: Review and enforce strong password policies and multi-factor authentication for all DataMosaix user accounts