Latest Cyber Security News

You are here: Home / General Cyber Security News / Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
March 6, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The critical-severity vulnerabilities are listed below –

  • CVE-2017-7921 (CVSS score: 9.8) – An improper authentication vulnerability affecting multiple Hikvision products that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. 
  • CVE-2021-22681 (CVSS score: 9.8) – An insufficiently protected credentials vulnerability affecting multiple Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers that could allow an unauthorized user with network access to the controller to bypass the verification mechanism and authenticate with it, as well as alter its configuration and/or application code.

Cybersecurity

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The addition of CVE-2017-7921 to the KEV catalog comes more than four months after the SANS Internet Storm Center disclosed that it had detected exploit attempts against Hikvision cameras susceptible to the flaw. However, there appears to be no public report describing attacks involving CVE-2021-22681.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to update to the latest supported software versions by March 26, 2026, as part of Binding Operational Directive (BOD) 22-01.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.

“Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice.”

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *