Rockwell FactoryTalk® DataMosaix™ Private Cloud SQL Injection
Plan: Patch | CVSS 8.8 | SD1765 | Dec 9, 2025
Summary
FactoryTalk DataMosaix Private Cloud contains a SQL injection vulnerability in the web interface or API. An unauthenticated attacker with network access could inject malicious SQL commands to read, modify, or delete data stored in the backend database, including process historian records, configuration data, and audit logs. This affects all versions of FactoryTalk DataMosaix Private.
What this means
What could happen
An attacker could inject malicious SQL commands through FactoryTalk DataMosaix Private Cloud to read, modify, or delete data in the underlying database. This could compromise process historians, audit logs, and configuration settings that operators rely on for safe and efficient plant operations.
Who's at risk
Water utilities, electric utilities, and manufacturers who use FactoryTalk DataMosaix Private Cloud for process data archival, analytics, and reporting should prioritize this issue. The risk is highest for sites where the DataMosaix interface is accessible from engineering networks or the internet.
How it could be exploited
An attacker with network access to the FactoryTalk DataMosaix Private Cloud interface could craft malicious input in web forms or API parameters to inject SQL commands. The injected SQL would execute against the backend database, allowing the attacker to extract sensitive operational data, modify setpoints or alarm thresholds, or corrupt historian records.
Prerequisites
- Network access to FactoryTalk DataMosaix Private Cloud web interface or API endpoints
- No authentication required to exploit the SQL injection vulnerability
- Remotely exploitable
- No authentication required
- No patch available
- High CVSS score (8.8)
- Affects data integrity and confidentiality
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product                          Affected Versions   Fix Status
FactoryTalk DataMosaix Private   All versions        No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the FactoryTalk DataMosaix Private Cloud web interface using firewall rules; limit access to trusted engineering workstations and operator networks only
- HARDENING: Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns in HTTP requests to the DataMosaix interface
- HARDENING: Monitor database logs and application logs for SQL injection attempts and unusual query patterns
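As an added illustration of the monitoring item above (this is example code written for this page, not part of the advisory and not a Rockwell tool), the following Python script scans web-server access-log lines for common SQL injection indicators in URL query parameters and reports which rule fired, together with the source address and HTTP status so an analyst can correlate with database-side errors. The log lines, request paths and parameter names are constructed for the example; the page does not describe DataMosaix's real endpoints or log format, and a production deployment would point the same logic at the application's actual request logs.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines in Apache/nginx "combined" style.
# Hosts, paths and parameter names are invented for this example; they are
# not DataMosaix's real endpoints or log format.
SAMPLE_LOG = """\
10.1.20.15 - - [09/Dec/2025:08:12:01 +0000] "GET /api/v1/tags?name=Pump01 HTTP/1.1" 200 512
10.1.20.15 - - [09/Dec/2025:08:12:04 +0000] "GET /api/v1/history?tag=FT101&start=2025-12-09T00:00:00 HTTP/1.1" 200 8190
10.1.20.99 - - [09/Dec/2025:08:13:10 +0000] "GET /api/v1/tags?name=Pump01%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 40211
10.1.20.99 - - [09/Dec/2025:08:13:12 +0000] "GET /api/v1/history?tag=x%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 500 231
10.1.20.99 - - [09/Dec/2025:08:13:15 +0000] "POST /api/v1/config?id=7%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27 HTTP/1.1" 200 12
10.1.20.15 - - [09/Dec/2025:08:14:00 +0000] "GET /api/v1/tags?name=O%27Brien%20Line HTTP/1.1" 200 514
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Indicator rules applied to the decoded, lower-cased parameter value.
# Order only affects the order in which matched rule names are reported.
RULES = (
    # closing quote followed by a boolean tautology, e.g.  ' or '1'='1
    ("tautology", re.compile(r"'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+")),
    ("union_select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b")),
    # statement separator followed by a second statement or a delay primitive
    ("stacked_query", re.compile(
        r";\s*(?:waitfor\s+delay|sleep\s*\(|benchmark\s*\(|drop\b|insert\b|"
        r"update\b|delete\b|exec\b|shutdown\b)")),
    # comment sequences used to truncate the remainder of a query
    ("sql_comment", re.compile(r"--|/\*")),
)


@dataclass
class Finding:
    ip: str
    timestamp: str
    path: str
    param: str
    status: int
    rules: tuple


def classify_value(value: str) -> tuple:
    """Return the names of all indicator rules matched by one parameter value.

    A lone apostrophe (O'Brien) matches nothing: every rule requires SQL
    syntax after the quote, which keeps ordinary tag names out of the alerts.
    """
    # parse_qsl has already decoded once; decoding again catches
    # double-encoded payloads (%2527 -> %27 -> '). A literal '%' in a benign
    # value may be altered by this second pass, which is acceptable here.
    decoded = unquote_plus(value).lower()
    return tuple(name for name, rx in RULES if rx.search(decoded))


def scan_log(text: str) -> list:
    """Parse combined-format lines and flag query parameters carrying SQLi indicators."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        parts = urlsplit(m["target"])
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            matched = classify_value(value)
            if matched:
                findings.append(Finding(m["ip"], m["ts"], parts.path, param,
                                        int(m["status"]), matched))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.ip} {f.path} param={f.param} "
              f"status={f.status} rules={','.join(f.rules)}")
```

Running the script on the constructed sample flags the three requests from 10.1.20.99 and leaves the benign ones, including the `O'Brien Line` tag name, alone. Only GET-style query parameters are visible in an access log; parameters sent in a request body need application-level logging before the same rules can be applied to them, and the HTTP 500 on the UNION request is the kind of database error that a WAF rule or SIEM correlation should treat as a second signal.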
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- WORKAROUND: Consult with Rockwell Automation on custom mitigations, compensating controls, or workarounds until a patch is released
Long-term hardening
- HOTFIX: Plan for migration to a patched version of FactoryTalk DataMosaix or an alternative data management platform when Rockwell Automation releases a fix
CVEs (1)