The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The critical-severity vulnerabilities are listed below –
- CVE-2017-7921 (CVSS score: 9.8) – An improper authentication vulnerability affecting multiple Hikvision products that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.
- CVE-2021-22681 (CVSS score: 9.8) – An insufficiently protected credentials vulnerability affecting multiple Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers that could allow an unauthorized user with network access to the controller to bypass the verification mechanism and authenticate with it, as well as alter its configuration and/or application code.
The addition of CVE-2017-7921 to the KEV catalog comes more than four months after the SANS Internet Storm Center disclosed that it had detected exploit attempts against Hikvision cameras susceptible to the flaw. However, there appears to be no public report describing attacks involving CVE-2021-22681.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to update to the latest supported software versions by March 26, 2026, as part of Binding Operational Directive (BOD) 22-01.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
“Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice.”
