CISA has added two critical-severity vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation and urging immediate patching.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical-severity vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, both carrying a CVSS score of 9.8. The vulnerabilities affect products from Hikvision and Rockwell Automation, and CISA cites evidence of active exploitation in the wild.
Critical Vulnerabilities Added to KEV Catalog
CVE-2017-7921 - This improper authentication vulnerability affects multiple Hikvision products and could allow malicious users to escalate privileges and gain access to sensitive information. The flaw has been actively exploited since at least November 2024, when the SANS Internet Storm Center detected exploit attempts against vulnerable Hikvision cameras.
CVE-2021-22681 - This insufficiently protected credentials vulnerability impacts multiple Rockwell Automation products including Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers. The secret that the engineering software uses to prove itself to a controller can be recovered from the software itself, so an unauthorized user with network access to the controller can bypass that verification, authenticate as if they were the engineering workstation, and alter the controller's configuration or application code.
Urgent Patching Required
Federal Civilian Executive Branch (FCEB) agencies must update to the latest supported software versions by March 26, 2026, under Binding Operational Directive (BOD) 22-01. CISA emphasized that these vulnerabilities are "frequent attack vectors for malicious cyber actors" and pose significant risks to the federal enterprise.
While BOD 22-01 only binds FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation of KEV catalog vulnerabilities as part of their vulnerability management practice, ahead of flaws that carry a high severity score but no evidence of exploitation.
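The prioritization CISA asks for comes down to a join between an asset inventory and the KEV feed, ordered by due date. The script below is an added example, not code from the article or from CISA: it uses the field names of the JSON catalog CISA publishes (`cveID`, `vendorProject`, `dueDate`, `knownRansomwareCampaignUse`, `requiredAction`), but the two catalog entries and the inventory are constructed inline so it runs offline. The `dateAdded` values and the `requiredAction` wording are assumptions; only the CVE IDs, vendors and the March 26, 2026 due date come from the article.

```python
"""Cross-reference an asset inventory against CISA KEV entries.

Added example; not part of the original article or of CISA's tooling.
KEV_SAMPLE mirrors the schema of the live feed at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
but contains only two constructed entries. INVENTORY is made up.
"""
from datetime import date, datetime

KEV_SAMPLE = {
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2017-7921",
            "vendorProject": "Hikvision",
            "product": "Multiple Products",
            "vulnerabilityName": "Hikvision Multiple Products Improper Authentication Vulnerability",
            "dateAdded": "2026-03-05",  # assumed: three weeks before the due date
            "shortDescription": "Improper authentication allowing privilege escalation.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",  # assumed wording
            "dueDate": "2026-03-26",  # from the article
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2021-22681",
            "vendorProject": "Rockwell Automation",
            "product": "Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
            "vulnerabilityName": "Rockwell Automation Logix Controllers Insufficiently Protected Credentials Vulnerability",
            "dateAdded": "2026-03-05",  # assumed
            "shortDescription": "Secret key recoverable from engineering software.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",  # assumed wording
            "dueDate": "2026-03-26",  # from the article
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
}

# Constructed inventory: each asset lists the CVEs a scanner reported against it.
INVENTORY = [
    {"name": "cam-lobby-01", "cves": ["CVE-2017-7921"]},
    {"name": "plc-line-3", "cves": ["CVE-2021-22681"]},
    {"name": "hmi-line-3", "cves": ["CVE-2021-22681", "CVE-2024-0000-not-in-kev"]},
    {"name": "web-intranet", "cves": ["CVE-2024-0000-not-in-kev"]},  # no KEV hit
]


def kev_index(catalog):
    """Map cveID -> catalog entry for constant-time lookups."""
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def prioritize(catalog, inventory, today):
    """Return one finding per (asset, KEV CVE), overdue and soonest-due first.

    CVEs that are not in the catalog are left to the normal patch cadence;
    KEV membership is what moves a finding to the front of the queue.
    """
    index = kev_index(catalog)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = index.get(cve)
            if entry is None:
                continue
            due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
            remaining = (due - today).days
            findings.append({
                "asset": asset["name"],
                "cveID": cve,
                "vendor": entry["vendorProject"],
                "dueDate": entry["dueDate"],
                "daysRemaining": remaining,
                "overdue": remaining < 0,
                "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
                "requiredAction": entry["requiredAction"],
            })
    # Negative daysRemaining (overdue) sorts first; ties broken so that
    # entries with known ransomware use come before those without.
    findings.sort(key=lambda f: (f["daysRemaining"], f["ransomware"] != "Known"))
    return findings


def report(findings):
    """Render findings as fixed-width text lines for a ticket or e-mail."""
    lines = []
    for f in findings:
        state = "OVERDUE" if f["overdue"] else f"due in {f['daysRemaining']}d"
        lines.append(f"{f['asset']:<14} {f['cveID']:<15} {f['vendor']:<20} {f['dueDate']} {state}")
    return lines


if __name__ == "__main__":
    for line in report(prioritize(KEV_SAMPLE, INVENTORY, date.today())):
        print(line)
```

Against the live feed, replace `KEV_SAMPLE` with the parsed JSON and `INVENTORY` with your scanner export; the join and ordering are unchanged. Assets whose only CVEs are outside the catalog drop out of the list entirely, which is the point: KEV membership, not CVSS, is the signal that decides what gets patched this week.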
Context and Implications
The addition of these vulnerabilities to the KEV catalog underscores the ongoing threat to critical infrastructure and industrial control systems. Hikvision products are widely used in surveillance and security systems, while Rockwell Automation equipment is prevalent in manufacturing and industrial automation.
Although exploitation of CVE-2017-7921 was observed well before the KEV listing, there is still no public report describing attacks involving CVE-2021-22681. That gap suggests either that the exploitation CISA has seen is being conducted covertly or that affected organizations have not yet disclosed incidents.
Organizations using affected Hikvision and Rockwell Automation products should immediately review their exposure and implement available patches or mitigations. Both flaws are years old and fixes exist, so the remaining risk sits with unmanaged or end-of-life devices; where a fix cannot be applied, the KEV catalog's own required action is to discontinue use of the product, which in practice means taking the device off the network or isolating it from anything untrusted. Given the critical severity and evidence of active exploitation, delaying remediation leaves internet-reachable cameras and reachable controllers open to the attacks CISA is already seeing.
For more information on these vulnerabilities and mitigation strategies, organizations should consult CISA's KEV catalog and the respective vendors' security advisories.