CISA Warns of Critical Vulnerabilities in Hikvision and Rockwell Automation Products; Urges Immediate Action

Critical Security Flaws in Hikvision and Rockwell Automation Products Demand Immediate Attention

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency for organizations to address these security issues promptly.

Identified Vulnerabilities:

1. CVE-2017-7921 (CVSS Score: 9.8): This vulnerability pertains to improper authentication mechanisms in various Hikvision products. Exploitation could enable unauthorized users to escalate privileges and access sensitive information. ([thehackernews.com](https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html?utm_source=openai))

2. CVE-2021-22681 (CVSS Score: 9.8): Found in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and multiple Logix controllers, this flaw involves insufficiently protected credentials. Attackers with network access could bypass verification processes, authenticate with the controller, and modify its configuration or application code. ([thehackernews.com](https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html?utm_source=openai))

Background and Exploitation:

The inclusion of CVE-2017-7921 in the KEV catalog follows reports from the SANS Internet Storm Center, which detected exploit attempts targeting vulnerable Hikvision cameras. ([thehackernews.com](https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html?utm_source=openai)) While there are no public reports detailing attacks exploiting CVE-2021-22681, the potential risks associated with this vulnerability are significant.

CISA’s Directive:

In response to these threats, CISA has issued Binding Operational Directive (BOD) 22-01, mandating that Federal Civilian Executive Branch (FCEB) agencies update to the latest supported software versions by March 26, 2026. CISA emphasizes that such vulnerabilities are common attack vectors for malicious actors and pose substantial risks to federal enterprises. ([thehackernews.com](https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html?utm_source=openai))

Recommendations for Organizations:

Although BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to mitigate their exposure to cyberattacks by prioritizing the remediation of vulnerabilities listed in the KEV catalog. Implementing timely updates and patches is crucial in maintaining robust cybersecurity defenses.
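Prioritizing KEV-listed vulnerabilities in practice means cross-referencing the catalog against what is actually deployed and tracking the remediation deadline per asset. The following is an added example, not code from the article, CISA or either vendor: it parses an excerpt in the shape of CISA's public KEV JSON feed (the field names `cveID`, `vendorProject`, `dueDate`, `requiredAction` and so on are taken from that feed; the records themselves are constructed here, and the `dateAdded` values are placeholders) and matches it against a constructed asset inventory such as a scanner or CMDB might export, flagging each affected host with its due date and whether it is overdue.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names follow that feed. dateAdded values are placeholders; the dueDate is the
# March 26, 2026 deadline cited in the advisory.
KEV_FEED_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2017-7921",
            "vendorProject": "Hikvision",
            "product": "Multiple Products",
            "vulnerabilityName": "Hikvision Improper Authentication Vulnerability",
            "dateAdded": "2026-03-05",  # placeholder
            "dueDate": "2026-03-26",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2021-22681",
            "vendorProject": "Rockwell Automation",
            "product": "Logix Controllers",
            "vulnerabilityName": "Rockwell Automation Insufficiently Protected Credentials",
            "dateAdded": "2026-03-05",  # placeholder
            "dueDate": "2026-03-26",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed asset inventory: host plus the CVE a scanner reported on it.
# CVE-2024-0000 is a placeholder that is deliberately absent from the KEV excerpt.
ASSET_INVENTORY = [
    {"host": "cam-lobby-01", "cve": "CVE-2017-7921"},
    {"host": "plc-line-3", "cve": "CVE-2021-22681"},
    {"host": "web-01", "cve": "CVE-2024-0000"},
]


def load_kev(feed_json):
    """Index the KEV feed by CVE id so inventory lookups are O(1)."""
    feed = json.loads(feed_json)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def prioritize(inventory, kev, today):
    """Return KEV-listed findings for the inventory, earliest due date first."""
    findings = []
    for item in inventory:
        entry = kev.get(item["cve"])
        if entry is None:
            continue  # not in KEV: still patch, but not under the BOD 22-01 clock
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "host": item["host"],
            "cve": item["cve"],
            "vendor": entry["vendorProject"],
            "due": due,
            "days_left": (due - today).days,
            "overdue": today > due,
            "action": entry["requiredAction"],
        })
    findings.sort(key=lambda f: (f["due"], f["host"]))
    return findings


if __name__ == "__main__":
    report_date = date(2026, 3, 20)  # constructed "today" for the report
    for f in prioritize(ASSET_INVENTORY, load_kev(KEV_FEED_SAMPLE), report_date):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        print(f"{f['host']:14} {f['cve']:15} {f['vendor']:20} due {f['due']} ({status})")
```

To run this against the live catalog, replace `KEV_FEED_SAMPLE` with the body fetched from the feed URL and feed it the real scanner export; the matching and due-date logic stays the same.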

Conclusion:

The identification and active exploitation of these critical vulnerabilities in Hikvision and Rockwell Automation products highlight the imperative for organizations to remain vigilant and proactive in their cybersecurity practices. Regularly updating systems and adhering to security advisories are essential steps in safeguarding sensitive information and maintaining operational integrity.