CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-22681

CVSS 9.8v3.1pub. 2021-03-03upd. 2026-03-06

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rockwellautomation Compact Guardlogix 5370

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compact Guardlogix 5380

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 1768

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 1769

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 5370

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 5380

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Compactlogix 5480

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Controllogix 5550

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Controllogix 5560

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Controllogix 5570

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Controllogix 5580

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Drivelogix 1794 L34

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Drivelogix 5560

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Drivelogix 5730

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Factorytalk Services Platform

    APP
    Rockwellautomation
    ≥ 2.10
  • Rockwellautomation Guardlogix 5570

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Guardlogix 5580

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Rslogix 5000

    APP
    Rockwellautomation
    16 – 20
  • Rockwellautomation Softlogix 5800

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Studio 5000 Logix Designer

    APP
    Rockwellautomation
    ≥ 21.0

CISA KEV — detailsi

Vendori
Rockwell
Producti
Multiple Products
Added to KEVi
March 5, 2026
Remediation deadline (US Federal)i
March 26, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 26 marca 2026
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-21915CRITICAL9.0PL ✓ten sam produkt

Privilege escalation w Rockwell Automation FactoryTalk Services Platform

CVE-2024-21917CRITICAL9.8PL ✓ten sam produkt

Rockwell Automation FactoryTalk — przechwycenie tokenu uwierzytelniającego (brak podpisu cyfrowego)

CVE-2022-1161CRITICAL10.0ten sam produkt

An attacker with the ability to modify a user program may change user program code on some ControlLogix, Compa...

CVE-2020-14516CRITICAL10.0ten sam produkt

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the ...

CVE-2020-6967CRITICAL9.8ten sam produkt

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Servic...