The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog. Both flaws have been actively exploited, prompting heightened security measures.
Details of the Identified Vulnerabilities
The vulnerabilities, both carrying a CVSS score of 9.8, pose serious security risks. The first, CVE-2017-7921, is an improper authentication issue in various Hikvision products, potentially allowing attackers to escalate privileges and access sensitive data. The second, CVE-2021-22681, affects multiple Rockwell Automation systems, including Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers. This flaw could enable unauthorized users to bypass verification, authenticate with the systems, and alter configurations or code.
Impact and Exploitation
The inclusion of CVE-2017-7921 in the KEV catalog follows over four months of exploit attempts against vulnerable Hikvision cameras, as reported by the SANS Internet Storm Center. While no public reports have detailed attacks using CVE-2021-22681, the threat remains significant. Federal Civilian Executive Branch (FCEB) agencies are urged to update their systems by March 26, 2026, following Binding Operational Directive (BOD) 22-01.
Recommendations from CISA
CISA emphasizes the urgency of addressing these vulnerabilities, highlighting that they are frequent targets for cyber actors and pose considerable risks to federal operations. While BOD 22-01 is specific to FCEB agencies, CISA strongly advises all organizations to incorporate the remediation of KEV catalog vulnerabilities into their vulnerability management processes to minimize exposure to cyber threats.
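One concrete way to follow that advice is to cross-reference scan findings against the KEV catalog and rank them by CISA due date. The following is an added example, not code from the article or from CISA; the KEV field names mirror the published catalog JSON, while the catalog excerpt, the inventory, the host names and the CVE-2099-* entries are constructed placeholders.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV catalog JSON. Field names follow the
# published catalog; values are limited to what the article states (constructed sample).
KEV_JSON = """
{"vulnerabilities": [
 {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision",
  "product": "Multiple Products", "dueDate": "2026-03-26"},
 {"cveID": "CVE-2021-22681", "vendorProject": "Rockwell Automation",
  "product": "Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
  "dueDate": "2026-03-26"}
]}
"""

# Constructed asset inventory as a scanner might export it: host -> CVEs detected.
# CVE-2099-* are placeholders standing in for non-KEV findings.
INVENTORY = [
    {"host": "cam-lobby-01", "cves": ["CVE-2017-7921"]},
    {"host": "plc-line-3", "cves": ["CVE-2021-22681", "CVE-2099-0001"]},
    {"host": "hmi-ops", "cves": ["CVE-2099-0002"]},
]


def load_kev(text):
    """Index the KEV catalog JSON by CVE identifier."""
    return {e["cveID"]: e for e in json.loads(text)["vulnerabilities"]}


def kev_exposure(inventory, kev, today):
    """Return inventory findings that are in KEV, most urgent (fewest days left) first."""
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # not known-exploited: left to the normal patch cadence
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "vendor": entry["vendorProject"],
                "due": due.isoformat(),
                "days_left": (due - today).days,
                "overdue": due < today,
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings
```

Run against a live export of the catalog and a real scanner export, the same function yields the remediation queue that BOD 22-01 expects FCEB agencies to work through by the due date.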
In conclusion, staying ahead of potential cyber threats involves timely updates and proactive vulnerability management. Organizations are encouraged to prioritize these actions to safeguard their systems and data from malicious exploitation.
