CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 26, 2026
Description
Multiple Rockwell products contain an insufficiently protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify that Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.
EPSS — Exploit Probability
Higher than 94.5% of all CVEs
Required Action
- https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers-
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03
- https://nvd.nist.gov/vuln/detail/CVE-2021-22681
Related Articles (2)
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
CISA adds Hikvision flaw CVE-2017-7921 and Rockwell Automation CVE-2021-22681 to KEV, urging agencies to patch by March 26, 2026.
Mar 6, 2026
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Mar 5, 2026
Risk Assessment
ELEVATED
- Severity: High
- EPSS: 15.4%
- CISA KEV: Yes
- Ransomware: Unknown
- Articles: 2
Timeline
- Published: Mar 5, 2026
- Added to KEV: Mar 5, 2026
- Remediation Due: Mar 26, 2026