Two long-standing vulnerabilities affecting Hikvision cameras and Rockwell Automation Logix environments have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, making patching and mitigation an urgent priority, according to CISA KEV.
The weaknesses are CVE-2017-7921 in Hikvision devices, an improper authentication flaw that can lead to privilege escalation and sensitive data access, and CVE-2021-22681 in Rockwell Logix, which can enable an attacker to impersonate a trusted engineering workstation if the verification key is discovered.
As of 5 March 2026, both CVEs are KEV-listed, signalling real-world exploitation, with U.S. government reporting noting HiatusRAT actors scanned for CVE-2017-7921 during a March 2024 campaign targeting cameras and DVRs. The article also notes that Rockwell guidance indicates CVE-2021-22681 cannot be mitigated with a patch and recommends compensating controls, including restricting network reachability to controllers and deploying segmentation and CIP Security where feasible.
Lastly, the KEV entry dates and the remediation due date of 26 March 2026 give defenders a clear window in which to prioritise actions in their environments, according to the post.