Rockwell Automation DataMosaix Private Cloud
Act Now | 9.8 | ICS-CERT ICSA-24-284-16 | Oct 10, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Rockwell Automation DataMosaix Private Cloud versions 7.07 and earlier contain multiple critical vulnerabilities (CWE-326, CWE-787, CWE-273, CWE-1357, CWE-476) that allow remote code execution, data exposure, and denial-of-service conditions. Successful exploitation requires only network access to the unpatched DataMosaix instance and no valid credentials. An attacker could execute arbitrary code on the platform, access customer data, or cause a denial-of-service condition affecting the analytics and monitoring functions.
What this means
What could happen
An attacker could execute arbitrary code on DataMosaix Private Cloud, allowing them to access customer data, disrupt operations, or gain control of the analytics platform that monitors and reports on industrial processes.
Who's at risk
Organizations using Rockwell Automation DataMosaix Private Cloud for industrial analytics and monitoring should prioritize this vulnerability. This includes water utilities, electric utilities, and manufacturing facilities that rely on DataMosaix to collect and analyze sensor data from their control systems and equipment.
How it could be exploited
An attacker on the network can send a specially crafted request to an unpatched DataMosaix Private Cloud instance (version 7.07 or earlier). The vulnerability allows remote code execution without authentication, giving the attacker the ability to run commands with the privileges of the DataMosaix application.
Prerequisites
- Network access to DataMosaix Private Cloud instance
- Target running version 7.07 or earlier
- DataMosaix Private Cloud accessible from attacker's network segment
Tags: remotely exploitable, no authentication required, low complexity, high EPSS score (49.6%), affects data analytics and monitoring platform
Exploitability
High exploit probability (EPSS 49.6%)
Affected products (1)
Product | Affected Versions | Fix Status
DataMosaix Private Cloud: <=7.07 | ≤ 7.07 | v7.09
Remediation & Mitigation
Do now
HARDENING: Isolate DataMosaix Private Cloud behind a firewall and restrict network access to only authorized engineering and monitoring systems
HARDENING: Do not expose DataMosaix Private Cloud to the internet or untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update DataMosaix Private Cloud to version v7.09 or later
Long-term hardening
HARDENING: If remote access to DataMosaix is required, implement a VPN with current security patches and require authentication
API:
/api/v1/advisories/0388e671-ced4-4e5a-ae5c-06fe23c99429