PatchSiren cyber security CVE debrief

CVE-2024-6078 Rockwell Automation CVE debrief

A critical improper authentication vulnerability in Rockwell Automation DataMosaix Private Cloud allows unauthenticated attackers to forge session cookies for arbitrary user IDs, enabling complete account takeover and unauthorized data access.

Vendor: Rockwell Automation
Product: DataMosaix Private Cloud
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-08-13
Original CVE updated: 2024-08-13
Advisory published: 2024-08-13
Advisory updated: 2024-08-13

Who should care

Organizations operating Rockwell Automation DataMosaix Private Cloud for industrial data management and cloud analytics. Security teams responsible for ICS/OT environments, identity and access management administrators, and compliance officers monitoring critical infrastructure protection standards.

Technical summary

The vulnerability stems from improper authentication controls that permit cookie generation without valid credentials. An attacker with network access can craft session cookies for any user ID, bypassing authentication entirely. Successful exploitation grants the attacker full access to the compromised user's account, including the ability to view and modify cloud-stored data. The attack requires no user interaction and can be executed remotely with low complexity.

Defensive priority

Critical

Recommended defensive actions

  • Upgrade DataMosaix Private Cloud to version 7.09 immediately. Contact Rockwell Automation application support to coordinate the upgrade.
  • Review access logs for anomalous authentication events or unexpected user ID associations prior to patching.
  • Validate that session cookie generation mechanisms enforce proper authentication and authorization checks after upgrade.
  • Implement network segmentation to restrict DataMosaix Private Cloud access to authorized administrative hosts where feasible.
  • Monitor for unauthorized data access or modification indicators in cloud-stored data.
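A minimal version of the log review called for in the second action above, added here as an illustration and not part of this debrief or of any Rockwell Automation tooling. The log format and the sample lines are constructed; the point is that a forged session cookie appears as a session used for a user ID that no successful login ever issued.

```python
import re

# Constructed sample log lines for this example; not taken from any real DataMosaix deployment.
# Assumed format: "<ts> event=<login|access> user=<id> session=<token> [result=<ok|fail>] ..."
SAMPLE_LOG = """\
2024-08-13T08:00:01Z event=login user=1001 session=s-aaa result=ok
2024-08-13T08:00:05Z event=access user=1001 session=s-aaa path=/api/data
2024-08-13T08:01:10Z event=login user=1002 session=s-bbb result=fail
2024-08-13T08:01:12Z event=access user=1002 session=s-bbb path=/api/data
2024-08-13T08:02:00Z event=access user=1003 session=s-ccc path=/api/admin
2024-08-13T08:03:00Z event=access user=1001 session=s-zzz path=/api/data
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) event=(?P<event>\w+) user=(?P<user>\S+) session=(?P<session>\S+)"
    r"(?: .*?result=(?P<result>\w+))?"
)


def parse(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_unauthenticated_sessions(log_text):
    """Return access events whose (user, session) pair was never issued by a successful login.

    Improper authentication of the kind described above shows up exactly this way:
    the session is presented and accepted, but no login for that user produced it.
    """
    issued = set()        # (user, session) pairs backed by a successful login
    suspicious = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        key = (rec["user"], rec["session"])
        if rec["event"] == "login" and rec["result"] == "ok":
            issued.add(key)
        elif rec["event"] == "access" and key not in issued:
            suspicious.append(rec)
    return suspicious


if __name__ == "__main__":
    for rec in find_unauthenticated_sessions(SAMPLE_LOG):
        print(f"{rec['ts']} user={rec['user']} session={rec['session']} has no matching login")
```

Real deployments should key the check on whatever the product logs as the session identifier and extend it with a time window, since sessions issued before the retained log window will otherwise be flagged.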

Evidence notes

CISA published advisory ICSA-24-226-05 on 2024-08-13 documenting this vulnerability. The affected product is DataMosaix Private Cloud versions prior to 7.07. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N yields a base score of 9.1, reflecting network-exploitable, low-complexity, unauthenticated access with high impact to confidentiality and integrity.
