Rockwell Automation DataMosaix Private Cloud

Act Now | CVSS 9.8 | ICS-CERT ICSA-24-284-16 | Oct 10, 2024
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

DataMosaix Private Cloud versions 7.07 and earlier contain multiple vulnerabilities including improper input validation (CWE-787 buffer overflow), insufficient cryptographic protection (CWE-326), and authentication bypass (CWE-273). These flaws allow remote code execution, denial of service, and unauthorized access to customer data without authentication. Rockwell Automation has released version 7.09 with fixes for these issues.

What this means
What could happen
An attacker could execute remote commands on the DataMosaix Private Cloud server, potentially gaining control of cloud-based analytics data and production visibility, or disrupt the system entirely. This could compromise critical process data, historical trends, and real-time monitoring that operators depend on for decision-making.
Who's at risk
This affects DataMosaix Private Cloud deployments in water utilities, electric utilities, and manufacturing facilities that rely on the cloud-based analytics platform for process monitoring and historical data. Any organization using DataMosaix for SCADA/operational analytics is at risk.
How it could be exploited
An attacker with network access to the DataMosaix Private Cloud API (typically port 443 or 80) can send specially crafted requests to exploit improper input validation and buffer overflow flaws. No authentication is required; the attacker can trigger remote code execution directly from the internet if the service is exposed.
Prerequisites
  • Network access to DataMosaix Private Cloud web service port (HTTP/HTTPS)
  • No authentication required
Tags: remotely exploitable; no authentication required; low complexity; high EPSS score (49.6%); affects cloud-based operational visibility
Exploitability
Likely to be exploited — EPSS score 50.2%
Public Proof-of-Concept (PoC) on GitHub (2 repositories)
Affected products (1)
Product | Affected Versions | Fix Status
DataMosaix Private Cloud: <=7.07 | ≤ 7.07 | v7.09
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to DataMosaix Private Cloud to only authorized engineering and operations staff; block direct internet access to the service
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update DataMosaix Private Cloud to version 7.09 or later
Long-term hardening
HARDENING: If remote access to DataMosaix is required, route traffic through a VPN or firewall with strict access controls rather than exposing the service directly
HARDENING: Segment the DataMosaix Private Cloud server on a separate network from operational production systems (PLCs, RTUs, drives) to contain any compromise