Rockwell Automation FactoryTalk DataMosaix Private Cloud

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-26-013-02 | Dec 9, 2025
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A SQL injection vulnerability exists in FactoryTalk DataMosaix Private Cloud and the on-premises Private version. An authenticated attacker could perform unauthorized database operations, including reading, modifying, or deleting sensitive production and historical data. FactoryTalk DataMosaix Private (on-premises) has no planned fix. Cloud versions 7.11, 8.00, and 8.01 are fixed in version 8.01.02 or later.

What this means
What could happen
An attacker with login credentials could perform unauthorized database operations on FactoryTalk DataMosaix, potentially altering or exfiltrating production data, historical records, or analytics that operators rely on for process control and optimization decisions.
Who's at risk
Organizations running FactoryTalk DataMosaix Private Cloud (versions 7.11, 8.00, and 8.01) or FactoryTalk DataMosaix Private (on-premises) should be concerned. This affects manufacturers and utilities using Rockwell Automation's historian and data analytics platform for production monitoring, energy tracking, and process optimization.
How it could be exploited
An attacker with valid credentials to the FactoryTalk DataMosaix system could inject SQL commands into database queries, allowing them to read, modify, or delete data without authorization. This requires access to the application interface and valid login credentials.
Prerequisites
  • Valid login credentials for FactoryTalk DataMosaix Private Cloud
  • Network access to the FactoryTalk DataMosaix application interface
requires valid credentials
SQL injection vulnerability
no authentication required for unauthenticated versions not confirmed in advisory
affects data confidentiality and integrity
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
3 with fix, 1 EOL
Product | Affected Versions | Fix Status
FactoryTalk DataMosaix Private | All versions | No fix (EOL)
FactoryTalk DataMosaix Private Cloud: 7.11 | 7.11 | 8.01.02+
FactoryTalk DataMosaix Private Cloud: 8.00 | 8.00 | 8.01.02+
FactoryTalk DataMosaix Private Cloud: 8.01 | 8.01 | 8.01.02+
Remediation & Mitigation
Do now
FactoryTalk DataMosaix Private
HARDENING: For FactoryTalk DataMosaix Private (on-premises) systems, implement role-based access controls to limit database query privileges to only necessary operator accounts.
All products
WORKAROUND: Implement network access controls to restrict connectivity to FactoryTalk DataMosaix systems to authorized administrative and engineering workstations only.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

FactoryTalk DataMosaix Private
HOTFIX: Update FactoryTalk DataMosaix Private Cloud to version 8.01.02 or later.

Rockwell Automation FactoryTalk DataMosaix Private Cloud | CVSS 8.8 - OTPulse