IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Rockwell Automation FactoryTalk DataMosaix

MEDIUM
CVSS 6.1
Date 2026-07-16T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could allow an authenticated attacker to inject malicious scripts on the server.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-9292 6.1 medium
A Stored Cross-Site Scripting security issue exists within FactoryTalk DataMosaix Private Cloud. The vulnerability stems from improper neutralization of user-supplied input within the Workflows configuration. An authenticated attacker with high privileges can inject malicious scripts that are permanently stored on the server. This vulnerability can result in the execution of malicious JavaScript when other users access the affected page, potentially allowing for account takeover, credential theft, or redirection to a malicious website.

// Remediations (3)

Patch: Rockwell Automation recommends users to upgrade to the following: DataMosaix Private Cloud versions
Rockwell Automation recommends users to upgrade to the following: DataMosaix Private Cloud versions 8.03 or later.
Mitigation: Customers using the affected software, who are not able to upgrade to one of the corrected versions,
Customers using the affected software, who are not able to upgrade to one of the corrected versions, should use Rockwell Automation's security best practices (https://support.rockwellautomation.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight).
Mitigation: For more information, see Rockwell Automation Security Advisory SD1787 (https://www.rockwellautomati
For more information, see Rockwell Automation Security Advisory SD1787 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1787.html).

// References