Rockwell Automation FactoryTalk DataMosaix Private Cloud

Plan Patch8.8ICS-CERT ICSA-26-013-02Jan 13, 2026

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

SQL injection vulnerability in FactoryTalk DataMosaix Private Cloud allows an authenticated attacker to perform unauthorized database operations. The vulnerability exists in versions 7.11, 8.00, and 8.01. An attacker with valid engineering credentials could read, modify, or delete manufacturing data stored in the DataMosaix database, including production history, batch records, and equipment telemetry. Rockwell Automation recommends upgrading to Version 8.01.02 or later.

What this means

What could happen

An attacker with valid engineering credentials could perform unauthorized database operations on FactoryTalk DataMosaix, potentially accessing, modifying, or deleting critical manufacturing data or historical process records.

Who's at risk

Manufacturing operations using Rockwell Automation's FactoryTalk DataMosaix Private Cloud as a data historian or manufacturing analytics platform. This affects organizations in discrete manufacturing, process industries (chemical, refining, pharma), food and beverage, and utilities that rely on DataMosaix for production data collection and reporting.

How it could be exploited

An attacker with valid engineering workstation credentials accesses the FactoryTalk DataMosaix Private Cloud interface over the network and exploits an SQL injection vulnerability (CWE-89) in the database query handling to execute arbitrary database commands.

Prerequisites

Valid engineering workstation credentials for FactoryTalk DataMosaix
Network access to FactoryTalk DataMosaix Private Cloud on port 443 (HTTPS)
Affected software version installed (7.11, 8.00, or 8.01)

SQL injection vulnerability (CWE-89)requires valid credentials (reduces risk from external attackers)remotely exploitable over networkhigh confidentiality/integrity impact to manufacturing dataaffects data historian—critical for production visibility

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

FactoryTalk DataMosaix Private Cloud: 7.117.118.01.02 or later

FactoryTalk DataMosaix Private Cloud: 8.008.008.01.02 or later

FactoryTalk DataMosaix Private Cloud: 8.018.018.01.02 or later

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to FactoryTalk DataMosaix Private Cloud to trusted engineering workstations only using firewall rules or network segmentation

HARDENINGReview and audit user accounts with FactoryTalk DataMosaix access; remove inactive or unnecessary engineering credentials

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FactoryTalk DataMosaix Private Cloud to Version 8.01.02 or later

Long-term hardening

0/1

HARDENINGApply Rockwell Automation's published security best practices for FactoryTalk DataMosaix deployment and configuration

CVEs (1)

CVE-2025-12807

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f4c93890-86db-48f4-9cc9-127618a38da5