PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-7956 Rockwell Automation CVE debrief

A vulnerability in Rockwell Automation DataMosaix Private Cloud allows authenticated users with basic privileges to gain unauthorized access to other users' projects, with the ability to modify or delete them. The issue stems from improper authorization controls that fail to enforce project-level access boundaries between users. Exploitation requires network access and valid low-privilege credentials, but no user interaction. Rockwell Automation has released version 7.09 to address this vulnerability.

Vendor: Rockwell Automation
Product: Rockwell Automation DataMosaix Private Cloud: <=7.07
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-10-10
Original CVE updated: 2024-10-10
Advisory published: 2024-10-10
Advisory updated: 2024-10-10

Who should care

Organizations operating Rockwell Automation DataMosaix Private Cloud for industrial data management and visualization, particularly those with multi-user environments where project isolation is critical for operational security or intellectual property protection.

Technical summary

The vulnerability exists in DataMosaix Private Cloud versions 7.07 and earlier due to insufficient authorization checks when accessing project resources: the application verifies that a caller is authenticated but does not verify that the caller is permitted to act on the specific project requested. An authenticated threat actor with basic user privileges can therefore bypass intended access controls to view, modify, or delete projects belonging to other users. The attack is remotely exploitable over the network without requiring user interaction. The CVSS 3.1 score of 8.1 reflects high impact to confidentiality and integrity, though availability is not affected. Rockwell Automation has addressed this in version 7.09.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to DataMosaix Private Cloud version 7.09 or later to remediate this vulnerability
  • If immediate patching is not feasible, apply security best practices, including network segmentation and the principle of least privilege
  • Review project access controls and audit user permissions for sensitive projects
  • Monitor for unauthorized project modifications or deletions in affected environments
  • Consult the Rockwell Automation security advisory for additional mitigation guidance
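The following is an added example, not code from Rockwell Automation or the DataMosaix product, illustrating the class of flaw described in the technical summary and the monitoring action above. It contrasts a handler that only checks authentication (any logged-in user can act on any project) with one that enforces project-level ownership or membership before every read, update or delete, records each denial, and provides a small helper that pulls denied cross-user attempts out of the audit log for alerting. All user names, project ids and log lines are constructed for the example.

```python
"""Project-level authorization: vulnerable pattern beside hardened pattern.

Added example, not vendor code. Users, project ids and log lines are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested project."""


@dataclass
class Project:
    project_id: int
    owner: str
    members: Set[str] = field(default_factory=set)
    name: str = ""
    deleted: bool = False


# Constructed sample data: two users, each owning one project.
PROJECTS: Dict[int, Project] = {
    101: Project(101, owner="alice", members={"alice"}, name="line-1-dashboard"),
    202: Project(202, owner="bob", members={"bob"}, name="boiler-kpis"),
}

# Constructed audit trail; a real deployment would ship this to a SIEM.
AUDIT_LOG: List[str] = []


def vulnerable_rename(user: str, project_id: int, new_name: str) -> Project:
    """Vulnerable pattern: authentication only.

    The caller is a valid user, but the handler never checks whether that
    user may touch this project, so any low-privilege account can modify
    any other user's project just by supplying its id.
    """
    project = PROJECTS[project_id]
    project.name = new_name
    return project


def authorize(user: str, project_id: int, action: str) -> Project:
    """Hardened pattern: resolve the project, then require that the caller
    is its owner or a member. Deny by default and log every decision."""
    project = PROJECTS.get(project_id)
    if project is None or project.deleted:
        # Same error for "missing" and "not yours" so ids cannot be enumerated.
        AUDIT_LOG.append(f"DENY user={user} project={project_id} action={action} reason=not_found")
        raise Forbidden("project not found or access denied")
    if user != project.owner and user not in project.members:
        AUDIT_LOG.append(f"DENY user={user} project={project_id} action={action} reason=not_member")
        raise Forbidden("project not found or access denied")
    AUDIT_LOG.append(f"ALLOW user={user} project={project_id} action={action}")
    return project


def safe_rename(user: str, project_id: int, new_name: str) -> Project:
    """Authorization check runs before the mutation, never after."""
    project = authorize(user, project_id, "rename")
    project.name = new_name
    return project


def safe_delete(user: str, project_id: int) -> Project:
    """Soft-delete with the same project-level check."""
    project = authorize(user, project_id, "delete")
    project.deleted = True
    return project


def denied_cross_user_attempts(log_lines: List[str]) -> List[str]:
    """Detection helper: return DENY entries from the audit log.

    A burst of these from one account against several project ids is the
    signal to alert on in an environment that cannot yet move to 7.09.
    """
    return [line for line in log_lines if line.startswith("DENY ")]


if __name__ == "__main__":
    print(vulnerable_rename("bob", 101, "renamed-by-bob").name)  # flaw: succeeds
    try:
        safe_rename("bob", 101, "renamed-by-bob")
    except Forbidden as exc:
        print("blocked:", exc)
    print(denied_cross_user_attempts(AUDIT_LOG))
```

The key design point is that `authorize` is the only path to a `Project` object in the hardened handlers, so a new endpoint cannot forget the check, and the denial log gives the monitoring action above something concrete to alert on.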

Evidence notes

Advisory ICSA-24-284-15 confirms affected versions are DataMosaix Private Cloud 7.07 and earlier. CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N indicates network attack vector, low attack complexity, low privileges required, no user interaction, with high impact to confidentiality and integrity but no availability impact.

Official resources

2024-10-10