PatchSiren

CVE-2025-12807 Rockwell Automation CVE debrief

CVE-2025-12807 is a high-severity issue in Rockwell Automation FactoryTalk DataMosaix Private Cloud. CISA’s advisory says low-privilege users can perform sensitive database operations through exposed API endpoints. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) scores 8.8, so this should be treated as a serious exposure in environments running the affected product. The advisory’s revision history also labels the initial publication as a “FactoryTalk DataMosaix Private Cloud SQL Injection” issue, but the core defensive takeaway is the same: limit API exposure, assume low-privilege access paths may be abused, and apply the vendor correction promptly. Rockwell Automation’s stated fix is Version 8.01.02 or later.

Vendor: Rockwell Automation
Product: FactoryTalk DataMosaix Private Cloud
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-01-13
Advisory published: 2026-01-13
Advisory updated: 2026-01-13

Who should care

OT/ICS operators using FactoryTalk DataMosaix Private Cloud, Rockwell Automation administrators, SOC teams monitoring industrial environments, and vulnerability management teams responsible for API-facing services.

Technical summary

The source corpus describes a security issue in DataMosaix Private Cloud where users with low privilege can trigger sensitive database operations through exposed application programming interface (API) endpoints. The advisory metadata ties the issue to Rockwell Automation FactoryTalk DataMosaix Private Cloud and lists CVSS 3.1 as AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8). Rockwell Automation’s remediation guidance is to update FactoryTalk DataMosaix Private Cloud to Version 8.01.02 or later; if upgrading is not possible, apply the vendor’s best security practices guidance.
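The advisory gives no code, so the following is an added example, not Rockwell Automation's or CISA's: a hypothetical REST-style handler for a DELETE /assets?name=<name> endpoint written the way the description implies the flaw behaves (an authenticated low-privilege user reaches a destructive database statement, and the request value is spliced into the SQL text), beside a hardened version that authorizes the operation and binds the value. The role names, table, endpoint and users are assumptions; nothing here reflects the product's real API or schema.

```python
"""Added example, not Rockwell Automation's code: a hypothetical REST-style
handler for DELETE /assets?name=<name>, written the way the advisory's
description implies the flaw behaves (a low-privilege user reaches a
destructive database statement through an API endpoint), beside a hardened
version. Roles, schema, endpoint and users are assumptions."""
import sqlite3

# Hypothetical role model; the advisory does not describe the product's roles.
PRIVILEGED_ROLES = {"admin"}


class Forbidden(Exception):
    """Raised when the caller's role may not perform the requested operation."""


def seed_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a tenant's asset table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE assets (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO assets (name, owner) VALUES (?, ?)",
        [("pump-1", "alice"), ("valve-7", "bob"), ("plc-3", "alice")],
    )
    conn.commit()
    return conn


def delete_asset_vulnerable(conn, user, name):
    """Vulnerable handler: no role check, so any authenticated user reaches a
    destructive statement, and `name` is spliced into the SQL text, so the
    caller can rewrite the WHERE clause that was meant to scope the delete."""
    sql = f"DELETE FROM assets WHERE name = '{name}' AND owner = '{user['name']}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def delete_asset_hardened(conn, user, name):
    """Hardened handler: authorize the sensitive operation first, then bind
    the value as a parameter so it can only be compared, never parsed as SQL."""
    if user["role"] not in PRIVILEGED_ROLES:
        raise Forbidden(f"role {user['role']!r} may not delete assets")
    cur = conn.execute(
        "DELETE FROM assets WHERE name = ? AND owner = ?", (name, user["name"])
    )
    conn.commit()
    return cur.rowcount


def count_assets(conn):
    return conn.execute("SELECT COUNT(*) FROM assets").fetchone()[0]


LOW_PRIV_USER = {"name": "bob", "role": "viewer"}
ADMIN_USER = {"name": "alice", "role": "admin"}
# Closes the string literal, makes the predicate always true, and comments
# out the owner scoping that followed it.
INJECTION = "x' OR 1=1 --"


def demo():
    """Runs both handlers against fresh copies of the sample data."""
    result = {}
    conn = seed_db()
    result["vulnerable_deleted"] = delete_asset_vulnerable(conn, LOW_PRIV_USER, INJECTION)
    result["vulnerable_remaining"] = count_assets(conn)

    conn = seed_db()
    try:
        delete_asset_hardened(conn, LOW_PRIV_USER, INJECTION)
        result["low_priv_hardened"] = "allowed"
    except Forbidden:
        result["low_priv_hardened"] = "forbidden"
    # Even a privileged caller cannot turn the payload into SQL: it is
    # compared literally against the name column and matches nothing.
    result["admin_hardened_deleted"] = delete_asset_hardened(conn, ADMIN_USER, INJECTION)
    result["hardened_remaining"] = count_assets(conn)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script, the vulnerable handler deletes every row for the viewer account because the payload rewrites the WHERE clause, while the hardened handler rejects the viewer outright and, for the admin, deletes nothing because the payload is bound as a literal. The two controls are independent: parameter binding alone would still let a low-privilege user delete their own rows, and the role check alone would still leave the admin path injectable.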

Defensive priority

High. The issue is network-reachable, requires only low privileges, and is scored 8.8 with high confidentiality, integrity, and availability impact. Prioritize remediation for any exposed or production-connected deployments.

Recommended defensive actions

  • Upgrade FactoryTalk DataMosaix Private Cloud to Version 8.01.02 or later.
  • If immediate upgrade is not possible, follow Rockwell Automation’s best security practices guidance for the affected software.
  • Review which API endpoints are exposed to users and networks, and restrict access to only necessary trusted principals and segments.
  • Audit privileged and low-privilege account usage for unusual database activity tied to the application’s APIs.
  • Treat this as an OT/ICS patching priority and validate the update in a controlled maintenance window before broad rollout.
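The audit and exposure-review steps above can be scripted against API access logs. The following is an added example, not part of the advisory or of any Rockwell Automation tooling: it parses constructed log lines and flags the two signals those steps call for, a low-privilege role reaching a sensitive database operation and a request parameter that looks like SQL injection. The log line shape, endpoint prefixes, role names and sample entries are all assumptions; the advisory names none of them, so map the constants to whatever the deployment actually emits.

```python
"""Added example, not part of the advisory or any vendor tooling: triage API
access logs for low-privilege principals reaching sensitive database
operations and for request parameters that look like SQL injection. The log
format, endpoint paths, roles and sample lines are assumptions."""
import re
from urllib.parse import parse_qsl, urlsplit

# Hypothetical policy: which methods and paths count as sensitive database
# operations, and which roles are expected to perform them.
SENSITIVE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
SENSITIVE_PREFIXES = ("/api/v1/db/", "/api/v1/query")
ALLOWED_ROLES = {"admin", "dba"}

# Conservative injection indicators: a quote that opens a boolean clause, a
# UNION SELECT, or comment / statement-terminator sequences. A lone
# apostrophe in a legitimate value (O'Brien) deliberately does not match.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+[\w']+\s*=", re.I),
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    re.compile(r"--|/\*|;\s*(drop|delete|update|insert)\b", re.I),
]

# Assumed line shape: <ts> <user> role=<role> <METHOD> <path?query> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) role=(?P<role>\S+) "
    r"(?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$"
)

# Constructed sample lines; not real product logs.
SAMPLE_LOG = """\
2026-01-14T08:00:01Z alice role=admin GET /api/v1/assets?name=pump-1 200
2026-01-14T08:00:02Z bob role=viewer GET /api/v1/assets?name=valve-7 200
2026-01-14T08:00:03Z bob role=viewer DELETE /api/v1/db/assets?name=x%27+OR+1%3D1+-- 200
2026-01-14T08:00:04Z bob role=viewer GET /api/v1/assets?name=x%27+UNION+SELECT+secret+FROM+assets+-- 200
2026-01-14T08:00:05Z carol role=dba POST /api/v1/db/maintenance?task=vacuum 204
2026-01-14T08:00:06Z dave role=viewer GET /api/v1/assets?name=O%27Brien 200
""".splitlines()


def parse_line(line):
    """Returns a dict with path and percent-decoded query parameters, or None
    when the line does not match the assumed shape."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["params"] = parse_qsl(url.query, keep_blank_values=True)  # decoded once
    return rec


def is_sensitive_db_op(rec):
    return rec["method"] in SENSITIVE_METHODS and rec["path"].startswith(SENSITIVE_PREFIXES)


def sqli_like_params(rec):
    """Names of query parameters whose decoded value matches an indicator."""
    return [key for key, value in rec["params"]
            if any(p.search(value) for p in SQLI_PATTERNS)]


def triage(lines):
    """Returns one finding per suspicious request, with every reason that fired."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if is_sensitive_db_op(rec) and rec["role"] not in ALLOWED_ROLES:
            reasons.append("low-privilege role on sensitive db operation")
        reasons.extend(f"sqli-like value in param {k}" for k in sqli_like_params(rec))
        if reasons:
            findings.append({"ts": rec["ts"], "user": rec["user"], "role": rec["role"],
                             "method": rec["method"], "path": rec["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']}({f['role']}) {f['method']} {f['path']}: "
              f"{'; '.join(f['reasons'])}")
```

On the sample lines this reports two of the six requests, both from the viewer account: the DELETE to the database path fires on both rules, and the GET fires only on the payload. The dba's POST to the same path prefix is not reported because the role is allowed, and the request carrying O'Brien is not reported because a lone apostrophe is not treated as an indicator; keep that distinction when tuning the patterns, or the audit drowns in legitimate names.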

Evidence notes

Supported by CISA CSAF advisory ICSA-26-013-02 for Rockwell Automation FactoryTalk DataMosaix Private Cloud, published 2026-01-13. The advisory text states that low-privilege users can perform sensitive database operations through exposed API endpoints. The supplied remediation lists Version 8.01.02 or later as the vendor fix. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, matching the 8.8 HIGH severity. No KEV listing is present in the supplied corpus.

Official resources

The CISA advisory ICSA-26-013-02 and the CVE record both carry a published date of 2026-01-13; the supplied corpus shows identical published and modified timestamps for each and records no KEV addition.