Rockwell Automation FactoryTalk DataMosaix Private Cloud Persistent Cross-Site Scripting Vulnerability

Vulnerability

A persistent cross-site scripting vulnerability has been identified in Rockwell Automation's FactoryTalk DataMosaix Private Cloud. This issue allows for the execution of malicious JavaScript, potentially leading to account takeover, credential theft, or redirection to harmful websites. The vulnerability affects versions 7.11, 8.00, and 8.01, and arises from improper encoding or escaping of output.

Impact

Exploitation of this vulnerability allows for persistent cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can upgrade to version 8.01 to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends following their security best practices.

Added: Nov 11, 2025, 2:21 PM
Updated: Nov 11, 2025, 2:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.4
exploitability: 5.0
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.