Factorytalk Datamosaix Private Cloud
Monthly
Stored cross-site scripting in Rockwell Automation FactoryTalk DataMosaix Private Cloud lets a high-privileged authenticated user persist malicious JavaScript through the Workflows configuration, which then executes in the browsers of other users who view the affected page. Successful exploitation can lead to session/account takeover, credential theft, or redirection to attacker-controlled sites. No public exploit identified at time of analysis, and the CVSS 4.0 base score is 8.4 (High).
Stored cross-site scripting in Rockwell Automation FactoryTalk DataMosaix Private Cloud lets a high-privileged authenticated user persist malicious JavaScript through the Workflows configuration, which then executes in the browsers of other users who view the affected page. Successful exploitation can lead to session/account takeover, credential theft, or redirection to attacker-controlled sites. No public exploit identified at time of analysis, and the CVSS 4.0 base score is 8.4 (High).