Rockwell Automation FactoryTalk DataMosaix Private Cloud SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Rockwell Automation's FactoryTalk DataMosaix Private Cloud. This issue allows low-privilege users to execute sensitive database operations via exposed API endpoints. The vulnerability affects versions 7.11, 8.00, and 8.01, and has been corrected in version 8.01.02.

Impact

Exploitation of this vulnerability allows for unauthorized database operations, potentially leading to data manipulation or disclosure.

Remediation

Users of the affected software should upgrade to version 8.01.02. For those unable to upgrade, Rockwell Automation recommends following their security best practices.

Added: Dec 9, 2025, 8:53 PM
Updated: Dec 9, 2025, 8:53 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.