CVE-2025-11084
📋 TL;DR
A vulnerability in DataMosaix Private Cloud allows attackers to bypass multi-factor authentication during setup and obtain valid login tokens without knowing user passwords. This occurs when MFA is enabled but not completed within 7 days. All DataMosaix Private Cloud deployments with MFA enabled are affected.
💻 Affected Systems
- DataMosaix Private Cloud
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain unauthorized administrative access to the entire DataMosaix Private Cloud environment, potentially compromising sensitive industrial data and control systems.
Likely Case
Attackers gain unauthorized access to user accounts, potentially leading to data theft, privilege escalation, or lateral movement within the network.
If Mitigated
With proper monitoring and access controls, impact is limited to specific compromised accounts that can be quickly identified and disabled.
🎯 Exploit Status
Exploitation requires no authentication and minimal technical skill once the vulnerability is understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Rockwell Automation advisory for specific patched versions
Vendor Advisory: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1758.html
Restart Required: Yes
Instructions:
1. Review the Rockwell Automation security advisory SD1758.
2. Apply the recommended patch or update to the latest version.
3. Restart the DataMosaix Private Cloud service.
4. Verify MFA setup completion for all users.
🔧 Temporary Workarounds
Force MFA Completion
Require all users to complete MFA setup immediately and disable accounts with incomplete MFA
Reduce MFA Setup Window
Change MFA setup timeout from 7 days to a much shorter period (e.g., 24 hours)
🧯 If You Can't Patch
- Monitor for login attempts from accounts with incomplete MFA setup
- Implement network segmentation to limit access to DataMosaix Private Cloud
🔍 How to Verify
Check if Vulnerable:
Check if any user accounts have MFA enabled but not completed for more than 7 days
Check Version:
Check DataMosaix Private Cloud administration interface for version information
Verify Fix Applied:
Verify that MFA setup timeout has been reduced and all users have completed MFA enrollment
📡 Detection & Monitoring
Log Indicators:
- Login attempts from accounts with incomplete MFA setup
- Successful logins without MFA completion
Network Indicators:
- Unauthenticated requests to MFA setup endpoints
- Unusual authentication patterns
SIEM Query:
source="datamosaix" AND (event="login" AND mfa_status="incomplete")
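The "Check if Vulnerable" step and the log indicators above can be run as an offline audit over exported data. This is an added example, not code from the vendor or from this page's source; the CSV column names and sample rows are constructed assumptions, not a documented DataMosaix export format.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

SETUP_WINDOW = timedelta(days=7)  # MFA setup window stated in the summary above

# Constructed sample data; column names are assumptions, not a DataMosaix export format.
ACCOUNTS_CSV = """username,mfa_enabled,mfa_completed,mfa_enabled_at
alice,true,true,2025-09-01T08:00:00+00:00
bob,true,false,2025-09-20T08:00:00+00:00
carol,true,false,2025-10-08T08:00:00+00:00
dave,false,false,
erin,true,false,
"""
LOGIN_EVENTS_CSV = """timestamp,username,event,mfa_status,result
2025-10-09T10:00:00+00:00,alice,login,complete,success
2025-10-09T10:05:00+00:00,bob,login,incomplete,success
2025-10-09T10:06:00+00:00,carol,login,incomplete,failure
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def stale_enrollments(accounts_csv, now):
    """Accounts with MFA enabled but enrollment not completed within the window."""
    stale = []
    for row in _rows(accounts_csv):
        if row["mfa_enabled"] != "true" or row["mfa_completed"] == "true":
            continue
        enabled_at = row["mfa_enabled_at"]
        # A missing enable timestamp cannot be aged, so flag it for manual review.
        if not enabled_at or now - datetime.fromisoformat(enabled_at) > SETUP_WINDOW:
            stale.append(row["username"])
    return stale

def logins_without_mfa(events_csv):
    """Successful logins recorded with mfa_status=incomplete (the log indicator above)."""
    return [
        (r["timestamp"], r["username"])
        for r in _rows(events_csv)
        if r["event"] == "login" and r["mfa_status"] == "incomplete" and r["result"] == "success"
    ]

if __name__ == "__main__":
    now = datetime(2025, 10, 10, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    print("stale MFA enrollment:", stale_enrollments(ACCOUNTS_CSV, now))
    print("logins without completed MFA:", logins_without_mfa(LOGIN_EVENTS_CSV))
```

Accounts returned by both functions are the first candidates for disabling and session review.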