
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The critical severity vulnerabilities are:
CVE-2017-7921 (CVSS Score: 9.8) – Improper authentication vulnerability affecting multiple Hikvision products could allow a malicious user to escalate privileges on the system and access sensitive information.
CVE-2021-22681 (CVSS Score: 9.8) – An insufficiently protected credentials vulnerability affecting multiple Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix controllers could allow an unprivileged user with network access to the controller to bypass validation mechanisms to authenticate or modify configuration or application code.
The addition of CVE-2017-7921 to the KEV catalog comes more than four months after the SANS Internet Storm Center revealed that it had detected an exploitation attempt against Hikvision cameras susceptible to this flaw. However, there appear to be no public reports describing attacks related to CVE-2021-22681.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are encouraged to update to the latest supported software version by March 26, 2026 as part of Binding Operational Directive (BOD) 22-01.
“These types of vulnerabilities are frequent attack vectors for malicious cyber attackers and pose significant risks to federal enterprises,” CISA said.
“While BOD 22-01 applies only to FCEB institutions, CISA urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of vulnerabilities in the KEV catalog as part of their vulnerability management practices.”
