CISA Adds Hikvision and Rockwell Automation Flaws to KEV Catalog
Summary
CISA has added two critical vulnerabilities (CVE-2017-7921 and CVE-2021-22681) affecting Hikvision and Rockwell Automation products to its KEV catalog due to evidence of active exploitation. The flaws, both with a CVSS score of 9.8, could allow privilege escalation and unauthorized access. Federal agencies are urged to patch by March 26, 2026. CVE-2017-7921 impacts multiple Hikvision products, enabling privilege escalation and access to sensitive information. CVE-2021-22681 affects Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers, allowing unauthorized users to bypass authentication and alter configurations.
Timeline
- 06.03.2026 08:30 · 1 article
  CISA Adds Hikvision and Rockwell Automation Flaws to KEV Catalog
  CISA has added two critical vulnerabilities (CVE-2017-7921 and CVE-2021-22681) to its KEV catalog due to evidence of active exploitation. These flaws impact Hikvision and Rockwell Automation products, with a CVSS score of 9.8 each. Federal agencies are urged to patch by March 26, 2026.
  Source: Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog — thehackernews.com — 06.03.2026 08:30
Information Snippets
- CVE-2017-7921 is an improper authentication vulnerability in Hikvision products with a CVSS score of 9.8.
  First reported: 06.03.2026 08:30 (1 source, 1 article)
  Source: Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog — thehackernews.com — 06.03.2026 08:30
- CVE-2021-22681 is an insufficiently protected credentials vulnerability in Rockwell Automation products with a CVSS score of 9.8.
  First reported: 06.03.2026 08:30 (1 source, 1 article)
  Source: Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog — thehackernews.com — 06.03.2026 08:30
- CISA detected active exploitation of CVE-2017-7921, with exploit attempts against Hikvision cameras reported over four months ago.
  First reported: 06.03.2026 08:30 (1 source, 1 article)
  Source: Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog — thehackernews.com — 06.03.2026 08:30
- No public reports describe attacks involving CVE-2021-22681.
  First reported: 06.03.2026 08:30 (1 source, 1 article)
  Source: Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog — thehackernews.com — 06.03.2026 08:30
- Federal agencies must patch these vulnerabilities by March 26, 2026, under BOD 22-01.
  First reported: 06.03.2026 08:30 (1 source, 1 article)
  Source: Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog — thehackernews.com — 06.03.2026 08:30
- CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities.
  First reported: 06.03.2026 08:30 (1 source, 1 article)
  Source: Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog — thehackernews.com — 06.03.2026 08:30