The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence that the flaws are being actively exploited.
Both vulnerabilities carry a CVSS score of 9.8, indicating a critical level of risk for affected systems.
Vulnerability Affecting Hikvision Devices
The first vulnerability, tracked as CVE-2017-7921, impacts multiple Hikvision surveillance products. This flaw results from improper authentication mechanisms that can allow a malicious actor to escalate privileges on the affected system.
By exploiting this weakness, an attacker may gain unauthorized access to sensitive system data and administrative functions within the device.
Security researchers previously detected exploitation attempts targeting vulnerable Hikvision cameras, highlighting the ongoing risk posed by unpatched systems.
Security Issue in Rockwell Automation Systems
The second vulnerability, identified as CVE-2021-22681, affects several industrial control products from Rockwell Automation, including:
- Studio 5000 Logix Designer
- RSLogix 5000
- Logix Controllers
This vulnerability stems from poorly protected credential storage mechanisms. An attacker with network access to a controller may bypass authentication safeguards, allowing them to connect to the system and potentially modify configuration settings or application code.
Such actions could pose serious risks in industrial environments where these systems control operational processes.
Evidence of Exploitation
The inclusion of CVE-2017-7921 in the KEV catalog follows earlier observations from the SANS Internet Storm Center, which reported exploit activity targeting vulnerable Hikvision cameras several months ago.
At present, there are no publicly documented attacks specifically involving CVE-2021-22681, though its presence in the KEV catalog suggests credible evidence of exploitation.
CISA Remediation Deadline
Due to the confirmed exploitation of these vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies have been instructed to update affected systems to supported software versions by March 26, 2026.
This directive falls under Binding Operational Directive (BOD) 22-01, which requires federal agencies to promptly remediate vulnerabilities listed in the KEV catalog.
Importance of Addressing KEV Vulnerabilities
CISA emphasized that vulnerabilities listed in the KEV catalog are frequently used by threat actors during cyberattacks. As a result, organizations should prioritize patching these issues as part of their vulnerability management programs.
Although the directive specifically applies to U.S. federal agencies, CISA strongly encourages all organizations worldwide to address KEV vulnerabilities quickly to reduce the risk of cyber intrusions.
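As an added example (not code from the article or from CISA), the following script shows how a vulnerability management program can turn the KEV catalog into a prioritized remediation list: it parses a KEV-style JSON document, matches the catalog's CVE ids against a scanner's list of open CVEs per asset, and orders the hits by BOD 22-01 due date. The field names (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse) are those of CISA's published KEV JSON feed; the two entries mirror the CVEs and the March 26, 2026 deadline from the article, while the vulnerability names, the extra placeholder CVE and the asset inventory are constructed for the example.

```python
import json
from datetime import date

# Constructed sample of the KEV JSON feed. CISA publishes the real feed at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
# with these field names; only the CVE ids, vendors, products and dueDate below
# come from the article, the remaining values are placeholders.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2017-7921",
            "vendorProject": "Hikvision",
            "product": "Multiple surveillance products",
            "vulnerabilityName": "Hikvision improper authentication (placeholder name)",
            "dueDate": "2026-03-26",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2021-22681",
            "vendorProject": "Rockwell Automation",
            "product": "Logix Controllers",
            "vulnerabilityName": "Rockwell insufficiently protected credentials (placeholder name)",
            "dueDate": "2026-03-26",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed scanner output: the open CVEs currently reported on each asset.
# CVE-2099-0001 is a placeholder id that is NOT in the KEV sample.
INVENTORY = [
    {"asset": "cam-lobby-01", "open_cves": ["CVE-2017-7921"]},
    {"asset": "plc-line3-07", "open_cves": ["CVE-2021-22681", "CVE-2099-0001"]},
    {"asset": "ws-eng-12", "open_cves": ["CVE-2099-0001"]},
]


def load_kev(text):
    """Parse a KEV feed document and index its entries by CVE id."""
    data = json.loads(text)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def prioritize(kev, inventory, today):
    """Return one finding per (asset, KEV-listed CVE), most urgent first.

    `today` may be a date or an ISO date string. CVEs absent from KEV are
    skipped here; they remain subject to normal risk-based patching.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            findings.append({
                "asset": asset["asset"],
                "cve": cve,
                "vendor": entry["vendorProject"],
                "due": due.isoformat(),
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    # Overdue first, then fewest days left, then ransomware-linked, then by CVE id.
    findings.sort(key=lambda f: (not f["overdue"], f["days_left"],
                                 not f["ransomware"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in prioritize(load_kev(KEV_SAMPLE), INVENTORY, date.today()):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['asset']:14} {f['cve']:15} {f['vendor']:20} due {f['due']} ({status})")
```

Replacing KEV_SAMPLE with the downloaded feed and INVENTORY with real scanner output is the only change needed to run this against an environment; the sort key is the policy choice, and the one above treats a missed BOD 22-01 deadline as the top signal, ahead of time remaining and ransomware linkage.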