ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) catalog lists CVE-2021-22681 as Rockwell | Multiple Products, described as an Insufficient Protected Credentials vulnerability. The entry notes that Studio 5000 Logix Designer software may allow a key to be discovered, enabling an unauthorized application to connect with Logix controllers if exploited, with an attacker requiring network access to the controller.
It also records related CWE: CWE-522 and states that the vulnerability is Unknown whether it has been used in a ransomware campaign. The record shows Date Added as 2026-03-05 and Due Date as 2026-03-26. Action guidance includes applying mitigations per vendor instructions, following applicable BOD 22-01 guidance for cloud services, or discontinuing use of the product if mitigations are unavailable. Additional notes link to Rockwell support and CISA ICS advisories, and the NVD page for CVE-2021-22681 is cited in the entry.