Multiple vulnerabilities in Rockwell Automation DataMosaix Private Cloud
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-7952 CVE-2024-7953 CVE-2024-7956 |
| CWE-ID | CWE-200 CWE-862 CWE-863 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
DataMosaix Private Cloud Other software / Other software solutions |
| Vendor | Rockwell Automation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU98733
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-7952
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the hardcoded links in the source code that lead to JSON files that can be reached without authentication. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Authorization
EUVDB-ID: #VU98735
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-7953
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to missing authorization controls in Azure Stack Hyperconverged Infrastructure (HCI). A remote user can create a project and become the administrator for it.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect authorization
EUVDB-ID: #VU98736
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-7956
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to broken access control in several PATCH endpoints. A remote user can gain access to user's projects to modify and delete the project.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
