Search
Find a vulnerability
Search criteria
2 vulnerabilities found for DataEdgePlatform DataMosaix™ Private Cloud by Rockwell Automation
CVE-2025-0659 (GCVE-0-2025-0659)
Vulnerability from nvd – Published: 2025-01-28 15:16 – Updated: 2025-01-28 16:21
VLAI
EPSS
VEX
Title
Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud
Summary
A path
traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character
sequence in the body of the vulnerable endpoint, it is possible to overwrite
files outside of the intended directory. A threat actor with admin privileges could
leverage this vulnerability to overwrite reports including user projects.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | DataEdgePlatform DataMosaix™ Private Cloud |
Affected:
<=7.11
|
Date Public
2025-01-28 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:21:41.341728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:21:57.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataEdgePlatform DataMosaix\u2122 Private Cloud",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c=7.11"
}
]
}
],
"datePublic": "2025-01-28T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA path\ntraversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character\nsequence in the body of the vulnerable endpoint, it is possible to overwrite\nfiles outside of the intended directory. A threat actor with admin privileges could\nleverage this vulnerability to overwrite reports including user projects. \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "A path\ntraversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character\nsequence in the body of the vulnerable endpoint, it is possible to overwrite\nfiles outside of the intended directory. A threat actor with admin privileges could\nleverage this vulnerability to overwrite reports including user projects."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:16:38.188Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1715.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCorrected in software version 7.11.01 and later. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Corrected in software version 7.11.01 and later."
}
],
"source": {
"advisory": "SD1715",
"discovery": "INTERNAL"
},
"title": "Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix\u2122 Private Cloud",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-0659",
"datePublished": "2025-01-28T15:16:38.188Z",
"dateReserved": "2025-01-22T21:53:30.788Z",
"dateUpdated": "2025-01-28T16:21:57.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0659 (GCVE-0-2025-0659)
Vulnerability from cvelistv5 – Published: 2025-01-28 15:16 – Updated: 2025-01-28 16:21
VLAI
EPSS
VEX
Title
Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud
Summary
A path
traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character
sequence in the body of the vulnerable endpoint, it is possible to overwrite
files outside of the intended directory. A threat actor with admin privileges could
leverage this vulnerability to overwrite reports including user projects.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | DataEdgePlatform DataMosaix™ Private Cloud |
Affected:
<=7.11
|
Date Public
2025-01-28 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:21:41.341728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:21:57.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataEdgePlatform DataMosaix\u2122 Private Cloud",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c=7.11"
}
]
}
],
"datePublic": "2025-01-28T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA path\ntraversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character\nsequence in the body of the vulnerable endpoint, it is possible to overwrite\nfiles outside of the intended directory. A threat actor with admin privileges could\nleverage this vulnerability to overwrite reports including user projects. \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "A path\ntraversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character\nsequence in the body of the vulnerable endpoint, it is possible to overwrite\nfiles outside of the intended directory. A threat actor with admin privileges could\nleverage this vulnerability to overwrite reports including user projects."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:16:38.188Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1715.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCorrected in software version 7.11.01 and later. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Corrected in software version 7.11.01 and later."
}
],
"source": {
"advisory": "SD1715",
"discovery": "INTERNAL"
},
"title": "Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix\u2122 Private Cloud",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-0659",
"datePublished": "2025-01-28T15:16:38.188Z",
"dateReserved": "2025-01-22T21:53:30.788Z",
"dateUpdated": "2025-01-28T16:21:57.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}