
"CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affecting multiple Hikvision products that could allow a malicious user to escalate privileges on the system and gain access to sensitive information."
"CVE-2021-22681 (CVSS score: 9.8) - An insufficiently protected credentials vulnerability affecting multiple Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers that could allow an unauthorized user with network access to the controller to bypass the verification mechanism and authenticate with it, as well as alter its configuration and/or application code."
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice."
CISA added two critical-severity vulnerabilities with evidence of active exploitation to its Known Exploited Vulnerabilities (KEV) catalog, one affecting video surveillance equipment and the other industrial control systems. CVE-2017-7921 is an improper authentication flaw in multiple Hikvision products that lets an attacker escalate privileges and read sensitive information. CVE-2021-22681 is an insufficiently protected credentials flaw in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000 and Logix controllers that lets an unauthenticated user with network access to a controller bypass its verification mechanism, authenticate, and alter its configuration or application code. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies must remediate both by March 26, 2026. CISA notes that such vulnerabilities are frequent attack vectors posing significant risk to federal infrastructure and urges all organizations, not only those bound by the directive, to prioritize timely remediation of KEV catalog entries in their vulnerability management practice.
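The practical task behind this notice is deciding which KEV entries apply to your estate and how long you have to fix them. The Python below is an added example, not code from The Hacker News or CISA: it matches records shaped like CISA's KEV JSON feed against a list of vendors in an asset inventory and ranks the hits by due date. The sample records are constructed; only the two CVE IDs, the vendors and the 2026-03-26 due date come from the page, the remaining field values are illustrative, and matching on vendor rather than the free-form product string is a deliberate conservative choice.

```python
"""Rank CISA KEV catalog entries that apply to an asset inventory by remediation urgency.

Added example. Record shape follows the public KEV JSON feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json):
a top-level "vulnerabilities" list whose items carry cveID, vendorProject, product,
shortDescription, dueDate (ISO date) and knownRansomwareCampaignUse.
"""
from datetime import date

# Constructed sample feed. CVE IDs, vendors and the 2026-03-26 due date are from the
# advisory being summarized; product and description strings here are illustrative.
SAMPLE_KEV = {
    "vulnerabilities": [
        {
            "cveID": "CVE-2017-7921",
            "vendorProject": "Hikvision",
            "product": "Multiple Products",
            "shortDescription": "Improper authentication allowing privilege escalation.",
            "dueDate": "2026-03-26",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2021-22681",
            "vendorProject": "Rockwell Automation",
            "product": "Logix Controllers",
            "shortDescription": "Insufficiently protected credentials allowing auth bypass.",
            "dueDate": "2026-03-26",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ]
}


def prioritize_kev(kev_feed: dict, inventory_vendors: set, as_of: date) -> list:
    """Return KEV entries whose vendor appears in the inventory, most urgent first.

    Matching is case-insensitive on vendorProject only: the KEV product field is
    free text ("Multiple Products", "Logix Controllers", ...) and is not reliable
    for automated matching, so a vendor hit is treated as a lead to triage.
    The due date is inclusive ("remediate by"), so an entry is overdue only once
    as_of is strictly later than dueDate.
    """
    wanted = {v.casefold() for v in inventory_vendors}
    hits = []
    for entry in kev_feed["vulnerabilities"]:
        if entry["vendorProject"].casefold() not in wanted:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append(
            {
                "cveID": entry["cveID"],
                "vendorProject": entry["vendorProject"],
                "product": entry.get("product", ""),
                "dueDate": entry["dueDate"],
                "daysRemaining": (due - as_of).days,  # negative once overdue
                "overdue": due < as_of,
                # CISA marks entries as "Known" when tied to ransomware campaigns;
                # those go to the front of the queue regardless of due date.
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            }
        )
    # Ransomware-linked first, then soonest (or most overdue) due date; the sort is
    # stable, so ties keep the feed's own order.
    hits.sort(key=lambda h: (not h["ransomware"], h["daysRemaining"]))
    return hits


if __name__ == "__main__":
    # Constructed inventory: the organisation runs Hikvision cameras but no Rockwell PLCs.
    for hit in prioritize_kev(SAMPLE_KEV, {"Hikvision"}, date.today()):
        status = "OVERDUE" if hit["overdue"] else f"{hit['daysRemaining']} days left"
        print(f"{hit['cveID']:<15} {hit['vendorProject']:<20} due {hit['dueDate']} ({status})")
```

In production, replace `SAMPLE_KEV` with the downloaded feed and `inventory_vendors` with vendors from your CMDB; the vendor-level match deliberately over-reports so that a human confirms which products are actually deployed.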
#cybersecurity-vulnerabilities #critical-infrastructure-protection #active-exploitation #industrial-control-systems #vulnerability-management
Read at The Hacker News