PatchSiren cyber security CVE debrief
CVE-2024-7953 Rockwell Automation CVE debrief
A vulnerability in Rockwell Automation DataMosaix Private Cloud allows an authenticated threat actor to create a project and become its administrator, enabling unauthorized creation, modification, and deletion of project data. The issue stems from improper authorization controls that fail to restrict project creation privileges. This vulnerability was disclosed by CISA on October 10, 2024, with a CVSS 3.1 score of 8.8 (HIGH severity). Rockwell Automation has released version 7.09 to address this issue.
- Vendor: Rockwell Automation
- Product: DataMosaix Private Cloud
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-10
- Original CVE updated: 2024-10-10
- Advisory published: 2024-10-10
- Advisory updated: 2024-10-10
Who should care
Organizations operating Rockwell Automation DataMosaix Private Cloud for industrial data management and analytics. Security teams responsible for OT/ICS environments using this platform. Asset owners relying on DataMosaix for project-based data isolation in manufacturing, energy, or critical infrastructure sectors.
Technical summary
The vulnerability exists in DataMosaix Private Cloud versions 7.07 and earlier due to insufficient authorization validation during project creation workflows. An authenticated threat actor with low privileges can exploit this flaw to create a new project and automatically gain administrative control over it. This grants the attacker capabilities to create, modify, and delete project resources within their created project scope. The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The vulnerability does not appear to allow escalation beyond the created project boundary based on available disclosure information.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to DataMosaix Private Cloud version 7.09 or later to remediate this vulnerability
- If immediate patching is not feasible, apply security best practices including network segmentation and least-privilege access controls
- Monitor for unauthorized project creation events in DataMosaix Private Cloud audit logs
- Review existing project administrator assignments for unauthorized accounts
- Implement additional authentication controls for administrative functions pending patch deployment
Evidence notes
CISA ICS Advisory ICSA-24-284-15 published 2024-10-10 confirms the vulnerability allows authenticated users to create projects and assume administrative control over them. Affected versions are DataMosaix Private Cloud 7.07 and earlier. Rockwell Automation has provided corrected version 7.09.
Official resources
- CVE-2024-7953 CVE record (CVE.org)
- CVE-2024-7953 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-10-10