Skip to main content

FactoryTalk DataMosaix CVE-2026-9292

| EUVDEUVD-2026-43702 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-07-14 Rockwell GHSA-3wvx-f68r-xmjc
8.4
CVSS 4.0 · Vendor: Rockwell
Share

Severity by source

Vendor (Rockwell) PRIMARY
8.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Network-reachable stored XSS needs a high-privilege author (PR:H) and a victim to view the page (UI:R); execution in the victim's browser crosses a trust boundary (S:C) with high C/I and no availability impact.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Rockwell).

CVSS VectorVendor: Rockwell

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 16:00 vuln.today
CVE Published
Jul 14, 2026 - 15:05 cve.org
HIGH 8.4

DescriptionCVE.org

A Stored Cross-Site Scripting security issue exists within FactoryTalk® DataMosaix™ Private Cloud. The vulnerability stems from improper neutralization of user-supplied input within the Workflows configuration. An authenticated attacker with high privileges can inject malicious scripts that are permanently stored on the server. This vulnerability can result in the execution of malicious JavaScript when other users access the affected page, potentially allowing for account takeover, credential theft, or redirection to a malicious website.

AnalysisAI

Stored cross-site scripting in Rockwell Automation FactoryTalk DataMosaix Private Cloud lets a high-privileged authenticated user persist malicious JavaScript through the Workflows configuration, which then executes in the browsers of other users who view the affected page. Successful exploitation can lead to session/account takeover, credential theft, or redirection to attacker-controlled sites. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as high-privilege user
Delivery
Inject script into Workflows configuration
Exploit
Payload stored server-side
Execution
Victim opens affected page
Persist
Malicious JavaScript executes in victim browser
Impact
Session/credential theft or redirection

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated account with high privileges (PR:H) over the Workflows configuration feature of FactoryTalk DataMosaix Private Cloud - this is the exact feature where unsanitized input is stored. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N) is internally consistent with the description: network-reachable, low complexity, but requiring high privileges (PR:H) and passive user interaction (UI:P) from a victim who opens the page. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious insider or an attacker who has obtained high-privilege credentials logs into FactoryTalk DataMosaix Private Cloud and saves a crafted JavaScript payload into a Workflows configuration field. When another operator or administrator later opens that Workflows page, the stored script runs in their session, letting the attacker steal their session token or credentials or redirect them to a malicious site. …
Remediation Consult and apply the remediation in Rockwell Automation advisory SD1787 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1787.html); the input does not include an exact fixed version, so treat the advisory as authoritative for the patched release and upgrade to it. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all users with high-privilege access to Workflows configuration, restrict access to essential personnel only, and conduct an immediate audit of existing Workflows for suspicious or newly added configurations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9292 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy