The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two critical vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, according to an agency alert. Both are scored 9.8 under CVSS.
KEY FACTS
- Incident: Two vulnerabilities added to the KEV catalog for active exploitation
- Vulnerabilities: CVE-2017-7921 and CVE-2021-22681, both CVSS 9.8
- Affected products: Multiple Hikvision devices; Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000 and Logix controllers
- Deadline: Federal Civilian Executive Branch agencies must update by March 26, 2026 under BOD 22-01
CVE-2017-7921 is an improper authentication flaw in multiple Hikvision products that can allow a malicious user to escalate privileges and access sensitive information.
CVE-2021-22681 is an insufficiently protected credentials issue affecting Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000 and Logix controllers. An unauthorized user with network access could bypass the controller verification mechanism and alter configuration or application code.
Federal Civilian Executive Branch agencies are required to update to the latest supported software versions by March 26, 2026 under Binding Operational Directive 22-01. The alert urges prioritizing timely remediation of KEV catalog items as part of vulnerability management.
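The alert's advice to prioritize KEV catalog items is only actionable if KEV membership and its due dates are cross-checked against what you actually run. The script below is an added example, not part of the CISA alert: it indexes a KEV-format feed by CVE ID, matches it against an asset inventory, and sorts findings by days remaining so overdue items surface first. The catalog embedded here is a constructed sample that mirrors the field names of CISA's public KEV JSON feed; only the two CVE IDs, vendors, products and the March 26, 2026 deadline come from the alert, while the `dateAdded` value, the `requiredAction` wording, the hostnames and the filler CVE ID are assumed for illustration.

```python
"""Cross-check an asset inventory against a KEV-style catalog feed.

Added example, not from the CISA alert. KEV_SAMPLE is a constructed feed
excerpt; for real use, fetch the live feed from KEV_FEED_URL instead.
"""
import json
from datetime import date

# Live feed (public, unauthenticated); not fetched here so the example runs offline.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample. dateAdded is assumed (the alert only says "Thursday");
# requiredAction paraphrases the alert's "update to the latest supported software versions".
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2017-7921",
            "vendorProject": "Hikvision",
            "product": "Multiple Products",
            "vulnerabilityName": "Hikvision Improper Authentication Vulnerability",
            "dateAdded": "2026-03-05",
            "dueDate": "2026-03-26",
            "requiredAction": "Update to the latest supported software version.",
        },
        {
            "cveID": "CVE-2021-22681",
            "vendorProject": "Rockwell Automation",
            "product": "Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
            "vulnerabilityName": "Rockwell Automation Insufficiently Protected Credentials Vulnerability",
            "dateAdded": "2026-03-05",
            "dueDate": "2026-03-26",
            "requiredAction": "Update to the latest supported software version.",
        },
    ],
})

# Constructed inventory: hostnames are placeholders; CVE-2099-0001 is an
# obviously fake ID standing in for a finding that is not in the KEV catalog.
INVENTORY = [
    {"asset": "cam-lobby-01", "cves": ["CVE-2017-7921"]},
    {"asset": "plc-line3", "cves": ["CVE-2021-22681", "CVE-2099-0001"]},
    {"asset": "web-intranet", "cves": ["CVE-2099-0001"]},
]


def load_catalog(feed_json: str) -> dict:
    """Index a KEV-format feed by CVE ID so lookups are O(1)."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(inventory: list, catalog: dict, today: str) -> list:
    """Return one finding per (asset, KEV CVE) pair, most urgent first.

    today is an ISO date string (YYYY-MM-DD). CVEs absent from the catalog are
    skipped: they stay on the normal patch cadence rather than the KEV deadline.
    """
    today_d = date.fromisoformat(today)
    findings = []
    for host in inventory:
        for cve in host["cves"]:
            entry = catalog.get(cve)
            if entry is None:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today_d).days
            findings.append({
                "asset": host["asset"],
                "cve": cve,
                "vendor": entry["vendorProject"],
                "due": entry["dueDate"],
                "days_left": days_left,
                "status": "OVERDUE" if days_left < 0 else "due",
                "action": entry["requiredAction"],
            })
    # Negative days_left (overdue) sorts first; ties broken by asset name.
    findings.sort(key=lambda f: (f["days_left"], f["asset"]))
    return findings


def report(findings: list) -> str:
    """Render findings as fixed-width lines for a ticket or console."""
    return "\n".join(
        f"{f['status']:8} {f['asset']:14} {f['cve']:15} due {f['due']} "
        f"({f['days_left']:+d} d)  {f['vendor']}: {f['action']}"
        for f in findings
    )


if __name__ == "__main__":
    catalog = load_catalog(KEV_SAMPLE)
    print(report(triage(INVENTORY, catalog, date.today().isoformat())))
```

Swapping `KEV_SAMPLE` for the body of `KEV_FEED_URL` and `INVENTORY` for your scanner's export gives a daily check that flags every KEV item before its BOD 22-01 due date passes; sorting on `days_left` rather than CVSS reflects the alert's point that known exploitation, not score alone, drives priority.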
WHY IT MATTERS
Both flaws carry critical CVSS scores of 9.8 and enable high-impact actions such as privilege escalation and controller takeover. Prompt patching or mitigation reduces exposure to active exploit attempts and potential disruption.