thehackernews.com 3/6/2026, 8:25:06 AM

CISA flags CVE-2017-7921 and CVE-2021-22681 amid Hikvision exploits

CyberSIXT Evidence Panel
Primary Source: cisa.gov
CISA KEV: Listed in KEV
Patch: Patch Available

According to CISA, two critical flaws affecting Hikvision and Rockwell Automation products have been added to the Known Exploited Vulnerabilities (KEV) catalog, with active exploitation cited as evidence. CVE-2017-7921 is an improper authentication vulnerability affecting multiple Hikvision products. It has a CVSS score of 9.8 and could allow a malicious user to escalate privileges and access sensitive information.

CVE-2021-22681, with a CVSS score of 9.8, is an insufficiently protected credentials issue affecting Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers, enabling an unauthorised user with network access to bypass verification and alter configuration or code.

The KEV addition follows disclosure that SANS Internet Storm Center had detected exploit attempts against Hikvision cameras susceptible to CVE-2017-7921, though there is no public report describing attacks that exploit CVE-2021-22681. With active exploitation noted, FCEB agencies are urged to update to the latest software versions by 26 March 2026 under Binding Operational Directive 22-01, a move CISA says all organisations should prioritise to reduce exposure.

Article by CyberSIXT