Rockwell Automation DataMosaix Private Cloud

Act Now9.8ICS-CERT ICSA-25-028-05Jan 28, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

DataMosaix Private Cloud versions 7.11 and earlier contain vulnerabilities that allow unauthenticated attackers to overwrite reports and user projects. Successful exploitation could corrupt analytics data, historical records, and automation project configurations. Rockwell Automation has released a fix in version 7.11.01.

What this means

What could happen

An attacker with network access to DataMosaix Private Cloud could overwrite reports and user projects, potentially corrupting analytics data, historical records, and automation configurations critical to operations monitoring.

Who's at risk

Manufacturing and process industries using Rockwell Automation DataMosaix Private Cloud for analytics, reporting, and project management should update immediately. Operators and engineers who rely on report data for process decisions and monitoring are at risk if this data is corrupted or overwritten.

How it could be exploited

An attacker on the network could send requests to the DataMosaix Private Cloud to overwrite report files and project data without needing to authenticate. This could be done remotely if the cloud platform is exposed to untrusted networks.

Prerequisites

Network access to DataMosaix Private Cloud instance
No authentication required
Instance running version 7.11 or earlier

Remotely exploitableNo authentication requiredLow complexity attackData integrity impact (report overwrite)All versions 7.11 and below affected

Exploitability

Moderate exploit probability (EPSS 4.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

DataEdgePlatform DataMosaix Private Cloud: <=7.11≤ 7.117.11.01

DataEdgePlatform DataMosaix Private Cloud: <=7.09≤ 7.097.11.01

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict network access to DataMosaix Private Cloud instances from untrusted networks; place behind firewall and isolate from Internet

HARDENINGIf remote access is required, implement VPN with current security patches and strong access controls

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade DataMosaix Private Cloud to version 7.11.01 or later

CVEs (2)

CVE-2025-0659 CVE-2020-11656

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a27d4991-0f33-4a6a-9bad-79dcd4ce27d4