CVE-2021-22681CRITICAL · 9.8TrackedCISA KEV

Rockwell · Multiple Products

Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.

Disclosed

2021-03-03

1924 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers-
https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03
https://nvd.nist.gov/vuln/detail/CVE-2021-22681

↗ NVD ↗ CISA KEV ↗ Search analyses