ICSA-25-317-07
·
Published 2025-11-13
·
View on CISA ICS-CERT ↗
Rockwell Automation FactoryTalk DataMosaix Private Cloud
CVSS 8.0
HIGH
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to take over accounts, steal credentials, redirect users to a malicious website, or bypass MFA.
CVEs (2)
Remediations
- Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible:
- For CVE-2025-11084: Update FactoryTalk DataMosaix Private Cloud to Version 8.02
- Users using the affected software, who are not able to upgrade to one of the corrected versions, should use Rockwell Automation's best security practices.
- For CVE-2025-11085: Update FactoryTalk DataMosaix Private Cloud to Version 8.01
Affected Vendors
Rockwell Automation
Affected Products (2)
Rockwell Automation
·
FactoryTalk DataMosaix Private Cloud
7.11_8.00_8.01
Rockwell Automation
·
FactoryTalk DataMosaix Private Cloud
7.11_8.00
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more