Rockwell Automation DataEdge Platform DataMosaix Private Cloud Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in Rockwell Automation's DataEdge Platform DataMosaix Private Cloud, affecting versions 7.11 and prior. This vulnerability allows an attacker with admin privileges to overwrite files outside the intended directory, including reports and user projects. The issue arises because the vulnerable endpoint accepts character sequences that can manipulate file paths.
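The server-side containment check that closes this class of bug, shown beside the unchecked join it replaces. This is an added example, not Rockwell Automation's code and not taken from the advisory; the function names, the uploads directory layout and the sample names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

class PathEscapeError(ValueError):
    """A client-supplied name resolved outside the base directory."""

def naive_target(base: Path, name: str) -> Path:
    # Weak pattern: join the name and use the result unchecked.
    return Path(os.path.normpath(base / name))

def safe_target(base: Path, name: str) -> Path:
    base = base.resolve()
    if "\x00" in name:
        raise PathEscapeError("NUL byte in name")
    # Backslash counts as a separator, so Windows-style sequences are caught too.
    candidate = (base / name.replace("\\", "/")).resolve()
    # resolve() collapses ".." and follows symlinks, and an absolute
    # name replaces base in the join; all of these land outside base.
    if base not in candidate.parents:
        raise PathEscapeError(f"{name!r} resolves outside {base}")
    return candidate

def write_upload(base: Path, name: str, data: bytes) -> Path:
    target = safe_target(base, name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target

# Constructed sample names; none come from the advisory.
SAMPLES = ("plant1/trend.csv", "../reports/q1.pdf",
           "..\\reports\\q1.pdf", "/srv/projects/line4.json")

def demo() -> dict:
    """Map each sample name to True if the write was accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = Path(root) / "uploads"
        base.mkdir()
        for name in SAMPLES:
            try:
                write_upload(base, name, b"x")
                results[name] = True
            except PathEscapeError:
                results[name] = False
    return results

if __name__ == "__main__":
    print(demo())
```

The check runs on the fully resolved path, so it does not depend on recognising any particular spelling of the traversal sequence.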

Impact

Exploitation of this vulnerability could lead to unauthorized overwriting of files, including sensitive reports and user projects, potentially causing data loss or disruption of services.

Remediation

Users can upgrade to DataEdge Platform DataMosaix Private Cloud version 7.11.01 to address this vulnerability. For general guidance on mitigating security risks in industrial automation control systems, Rockwell Automation recommends following its suggested security best practices.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.