PatchSiren

PatchSiren cyber security CVE debrief

CVE-2020-11656 Rockwell Automation CVE debrief

CVE-2020-11656 is a critical SQLite use-after-free issue cited by CISA for Rockwell Automation DataMosaix Private Cloud. The advisory states that affected versions are <=7.09 and that the issue is addressed in v7.11.01. Given the advisory’s 9.8 CVSS score and network-based attack model, organizations should prioritize remediation and ICS hardening.

Vendor: Rockwell Automation
Product: DataEdgePlatform DataMosaix Private Cloud
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-01-28
Original CVE updated: 2025-01-28
Advisory published: 2025-01-28
Advisory updated: 2025-01-28

Who should care

Organizations running Rockwell Automation DataEdgePlatform DataMosaix Private Cloud, especially in environments that support industrial automation or other OT/ICS operations, and the teams responsible for patching or securing affected deployments.

Technical summary

The issue is described as a use-after-free vulnerability in SQLite’s ALTER TABLE implementation. CISA notes that it was demonstrated by an ORDER BY clause in a compound SELECT statement. In the supplied advisory metadata, the flaw is scored CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and the affected product range is listed as Rockwell Automation DataEdgePlatform DataMosaix Private Cloud <=7.09.

Defensive priority

Immediate remediation priority for exposed or in-use systems.

Recommended defensive actions

  • Upgrade Rockwell Automation DataEdgePlatform DataMosaix Private Cloud to v7.11.01 or later as recommended by the vendor.
  • Confirm whether any deployed instances are at version 7.09 or earlier and schedule urgent remediation for all affected assets.
  • Review the Rockwell Automation security advisory and apply the vendor’s suggested security best practices.
  • Use CISA ICS recommended practices and defense-in-depth guidance to reduce exposure around industrial automation systems.
  • If upgrades must be staged, limit access to affected systems and closely monitor for unexpected application or database faults.
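One way to carry out the version check in the second action above, as an added example that is not code from PatchSiren, CISA or Rockwell Automation. The inventory format and host names are constructed, version components are assumed to compare numerically (so "7.09" is read as 7.9), and versions between 7.09 and 7.11.01 are flagged for confirmation with the vendor because the advisory text does not classify them.

```python
import csv
import io

AFFECTED_MAX = "7.09"   # advisory: affected versions are <=7.09
FIXED_MIN = "7.11.01"   # advisory: addressed in v7.11.01

# Constructed sample inventory; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,version
dmx-plant-a,7.09
dmx-plant-b,v7.11.01
dmx-lab,7.10
dmx-dr,6.3.2
dmx-new,7.12
dmx-legacy,7.09.0
dmx-unlabelled,n/a
"""

def parse_version(text):
    """Dotted numeric version -> tuple of ints, or None if it does not parse.
    Assumption: components compare numerically, so "7.09" is read as (7, 9)."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def at_most(a, b):
    """a <= b after zero-padding, so 7.09.0 compares equal to 7.09."""
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(a) <= pad(b)

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "UNKNOWN"      # inventory value unusable; check the host itself
    if at_most(v, parse_version(AFFECTED_MAX)):
        return "AFFECTED"
    if at_most(parse_version(FIXED_MIN), v):
        return "FIXED"
    return "VERIFY"           # between 7.09 and 7.11.01: not classified by the advisory text

def triage(inventory_csv):
    """Return (host, version, status) rows, affected hosts first."""
    order = {"AFFECTED": 0, "UNKNOWN": 1, "VERIFY": 2, "FIXED": 3}
    rows = [(r["host"], r["version"], classify(r["version"]))
            for r in csv.DictReader(io.StringIO(inventory_csv))]
    return sorted(rows, key=lambda r: order[r[2]])

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{status:9} {host:15} {version}")
```

Hosts reported as UNKNOWN or VERIFY should be treated as unremediated until the installed version is confirmed against the vendor advisory.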

Evidence notes

The supplied CISA CSAF advisory ICSA-25-028-05 was published and modified on 2025-01-28. It identifies Rockwell Automation DataEdgePlatform DataMosaix Private Cloud as affected at <=7.09 and states the issue is fixed in v7.11.01. The description attributes the flaw to SQLite’s ALTER TABLE implementation and says it was demonstrated with an ORDER BY clause in a compound SELECT statement. The supplied corpus does not include a KEV listing for this CVE.

Official resources

Publicly disclosed in CISA advisory ICSA-25-028-05 on 2025-01-28; no KEV date or KEV due date is provided in the supplied data.