CISA has added CVE-2021-22681 to its Known Exploited Vulnerabilities (KEV) catalogue. The affected vendor is Rockwell, and the product is listed as Multiple Products. The vulnerability is Rockwell Multiple Products Insufficient Protected Credentials Vulnerability. In short, Studio 5000 Logix Designer software may allow a credentials key used to verify Logix controller communications to be discovered, potentially enabling an unauthorised application to connect with Logix controllers.
Technical detail: The issue is described as an authentication bypass vulnerability involving insufficient protected credentials. The impact is that an unauthorised application could connect to Logix controllers, potentially allowing tampering with controller operations. The attack vector requires network access to the controller. The vulnerability carries a CVSS score of 9.8 (CRITICAL). Patch status is unknown; no patch or advisory URL is available in the provided data.
Exploitation and risk: Active exploitation has been confirmed, which is why this entry is in KEV. The known ransomware campaign use is reported as unknown. CISA has set a remediation deadline of 26 March 2026 for affected systems and requires heightened attention given ongoing exploitation.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Directly affected are FCEB agencies; all organisations should review their exposure and apply the indicated mitigations or alternatives as advised.
Final sentence: See the NVD entry and the CISA KEV catalogue for full details. NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-22681. KEV catalogue: (link to CISA KEV entry).