PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-7952 Rockwell Automation CVE debrief

A data exposure vulnerability in Rockwell Automation DataMosaix Private Cloud allows unauthenticated access to customer data via hardcoded links to JSON files. The vulnerability exists in versions 7.07 and earlier, with a fix available in version 7.09. The issue was disclosed by CISA on October 10, 2024.

Vendor
Rockwell Automation
Product
DataMosaix Private Cloud
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-10-10
Original CVE updated
2024-10-10
Advisory published
2024-10-10
Advisory updated
2024-10-10

Who should care

Organizations operating Rockwell Automation DataMosaix Private Cloud for industrial data management, particularly in manufacturing and critical infrastructure environments. Security teams responsible for OT/ICS asset protection and compliance with industrial cybersecurity frameworks.

Technical summary

CVE-2024-7952 is a data exposure vulnerability in Rockwell Automation DataMosaix Private Cloud versions 7.07 and earlier. The application's source code contains hardcoded links to JSON files, and the endpoints those links point to are served without any authentication check. A remote, unauthenticated threat actor who learns the paths (they are visible to anyone who can inspect the client-side code) can therefore retrieve customer data directly. The CVSS 3.1 base score of 7.5 (HIGH) corresponds to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and high confidentiality impact with no integrity or availability impact. Because the flaw is a missing access control rather than an injection or memory-safety bug, exploitation needs no special tooling; a plain HTTP client is sufficient. Rockwell Automation has addressed this issue in version 7.09.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to DataMosaix Private Cloud version 7.09 or later; this is the only change that removes the unauthenticated endpoints
  • If immediate upgrade is not possible, follow Rockwell Automation's published security best practices and treat the instance as exposing customer data until it is patched
  • Restrict network access to DataMosaix Private Cloud instances (firewall rules, VPN, or an authenticating reverse proxy in front of the application) so that clients on untrusted networks cannot reach the web interface at all
  • Log and review web access to .json resources on the instance, alerting on successful (2xx) responses to requests with no authenticated session, particularly from source addresses outside the expected OT/plant ranges
  • Refer to the Rockwell Automation security advisory and CISA advisory ICSA-24-284-15 for additional mitigation guidance
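The monitoring action above can be turned into a concrete check against web server access logs. The following is an added example written for this debrief; it is not Rockwell Automation or CISA code. It assumes a reverse proxy or web server in front of DataMosaix Private Cloud emits Apache/Nginx combined-format access logs, that the trusted OT network is 10.20.0.0/16, and it uses constructed sample log lines with invented /static/config/*.json paths, since the advisory does not disclose the real file names. It flags the access pattern the advisory describes: a .json resource served with a 2xx status to a request that carries no authenticated user and originates outside the trusted ranges.

```python
"""Detect unauthenticated JSON file retrieval (CVE-2024-7952 access pattern).

Added example, not vendor code. Assumes combined-format access logs from a
proxy/web server in front of DataMosaix Private Cloud. Sample log lines and the
/static/config/*.json paths are constructed for illustration only.
"""
import ipaddress
import re
from collections import defaultdict

# Combined Log Format: host ident authuser [time] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption for this example: the OT/plant network from which authenticated
# operators normally connect. Adjust to the real segmentation.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample data: two unauthenticated external reads (should be flagged),
# one authenticated internal read, one rejected request, one non-JSON request.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:14:02:11 +0000] "GET /static/config/sites.json HTTP/1.1" 200 8123 "-" "curl/8.4.0"
203.0.113.7 - - [10/Oct/2024:14:02:12 +0000] "GET /static/config/customers.json HTTP/1.1" 200 44190 "-" "curl/8.4.0"
10.20.4.15 - jdoe [10/Oct/2024:14:03:40 +0000] "GET /static/config/sites.json HTTP/1.1" 200 8123 "https://dmx.example/dashboard" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2024:14:05:02 +0000] "GET /static/config/sites.json HTTP/1.1" 401 0 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2024:14:05:30 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.4.0"
"""


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Drop the query string so the suffix check sees the resource name only.
    entry["path"] = entry["path"].split("?", 1)[0]
    return entry


def is_trusted(src):
    """True when the source address falls inside a trusted network range."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def is_unauthenticated_json_read(entry):
    """The advisory's pattern: a .json resource served (2xx) to a request with no
    authenticated user, coming from outside the trusted networks."""
    return (
        entry["path"].lower().endswith(".json")
        and 200 <= entry["status"] < 300
        and entry["user"] == "-"
        and not is_trusted(entry["src"])
    )


def scan(log_text):
    """Return the parsed entries that match the exposure pattern."""
    return [
        entry
        for entry in map(parse_line, log_text.splitlines())
        if entry and is_unauthenticated_json_read(entry)
    ]


def summarize(findings):
    """Count flagged reads per source; one source pulling several distinct JSON
    files in quick succession is the enumeration behaviour to alert on."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h['time']} {h['src']} -> {h['path']} ({h['status']})")
    print(summarize(hits))
```

One caveat: the combined-format authuser field only reflects HTTP basic/digest authentication. If the application authenticates with a session cookie, the proxy should log whether a session cookie was present (or the detection should rely on the source-network check alone), otherwise every cookie-authenticated request will also show "-" and the rule will over-alert.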

Evidence notes

CISA published advisory ICSA-24-284-15 on October 10, 2024, confirming hardcoded links in source code leading to unauthenticated JSON file access. Rockwell Automation has released version 7.09 to address this issue.

Official resources

2024-10-10