Summary
Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations.
The following versions of Rockwell Automation FactoryTalk DataMosaix Private Cloud are affected:
- FactoryTalk DataMosaix Private Cloud (CVE-2025-12807)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.8 | Rockwell Automation | Rockwell Automation FactoryTalk DataMosaix Private Cloud | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2025-12807
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed Application Programming Interface (API) endpoints.
Affected Products
Rockwell Automation FactoryTalk DataMosaix Private Cloud
Vendor:
Rockwell Automation
Product Version:
Rockwell Automation FactoryTalk DataMosaix Private Cloud: 7.11, 8.00, 8.01
Product Status:
known_affected
Remediations
[…]
This article has been indexed from All CISA Advisories