Rockwell Automation has released important security advisories addressing two significant vulnerabilities affecting its industrial cloud platform and safety communication hardware. The flaws, if left unpatched, could allow attackers to manipulate sensitive databases or force safety equipment offline, requiring physical intervention to restore operations.
The most severe vulnerability concerns FactoryTalk DataMosaix Private Cloud, a customer-managed solution used to scale OT and IT data access across enterprises.
Tracked as CVE-2025-12807, this vulnerability carries a high CVSS score of 8.8. It opens the door to SQL injection, a classic but devastating vector. According to the advisory, “A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints”.
This flaw effectively bypasses standard privilege hierarchies, giving lower-level users dangerous access to the system’s core data structures.
- Affected Versions: FactoryTalk DataMosaix Private Cloud versions 7.11, 8.00, and 8.01.
- Remediation: Users are urged to upgrade to software version 8.01.02 immediately.
The second advisory targets the 432ES-IG3 Series A, a GuardLink EtherNet/IP Interface designed to monitor safety devices and transmit their status to safety-rated controllers.
Identified as CVE-2025-9368 (CVSS 7.5), this Denial-of-Service (DoS) vulnerability can paralyze the device. While DoS attacks are often considered temporary nuisances, in an industrial setting they disrupt critical safety monitoring. Worse, a device taken down by this flaw cannot be recovered remotely. The advisory notes that once the device is affected, “A manual power cycle is required to recover the device”.
- Affected Versions: Software version 1.001.
- Remediation: Corrected in software version 2.001.9.
Industrial operators using these systems should prioritize these updates to prevent potential data tampering or operational downtime.