Rockwell Automation FactoryTalk DataMosaix Private Cloud
Published:
13 January 2026 at 12:00:00
Alert date:
13 January 2026 at 19:02:07
Source:
cisa.gov
Critical Infrastructure, Database & Storage, Enterprise Applications
CISA published an advisory for CVE-2025-12807, a high-severity SQL injection vulnerability in Rockwell Automation FactoryTalk DataMosaix Private Cloud versions 7.11, 8.00, and 8.01. The vulnerability allows low-privilege users to perform unauthorized sensitive database operations through exposed API endpoints. With a CVSS score of 8.8, successful exploitation could lead to unauthorized database access. Rockwell Automation has released version 8.01.02 as a fix for affected systems. The vulnerability affects critical manufacturing infrastructure worldwide.
Technical details
Mitigation steps:
Affected products:
Rockwell Automation FactoryTalk DataMosaix Private Cloud
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-26-013-02
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-013-02.json
https://www.cve.org/CVERecord?id=CVE-2025-12807
https://cwe.mitre.org/data/definitions/89.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.