2 Cybersecurity Vulnerabilities Affecting Hikvision & Rockwell Automation: CVSS 9.8 Flaws

CISA has added two critical vulnerabilities, each scoring CVSS 9.8 and affecting Hikvision and Rockwell Automation products respectively, to its Known Exploited Vulnerabilities (KEV) catalog, indicating that they are being actively exploited in the wild.

CVE-2017-7921 affects multiple Hikvision products. It is an improper authentication flaw that allows attackers to escalate privileges and access sensitive information. The flaw could enable unauthorized users to bypass verification, authenticate to the systems, and alter configurations or code.

CVE-2021-22681 affects Rockwell Automation’s Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers.

Under BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate these two vulnerabilities, by updating to the latest supported software versions, by March 26, 2026. CISA strongly urges all organizations to treat KEV catalog items as priority remediation targets.

Exploitation in the wild & Impact

CVE-2017-7921 was added to the KEV catalog because the SANS Internet Storm Center reported exploit attempts against vulnerable Hikvision cameras over a period of four months.

CISA emphasized the urgency of addressing these vulnerabilities, highlighting that they are frequent targets for cyber actors and pose considerable risks to federal operations.

While BOD 22-01 is specific to FCEB agencies, CISA strongly advises all organizations to incorporate the remediation of KEV catalog vulnerabilities into their vulnerability management processes to minimize exposure to cyber threats.
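One way to operationalize that advice, as an added example that is not from the article or from CISA: a small Python script that cross-references a KEV feed snapshot against a local asset inventory and reports how many days remain before each BOD 22-01 due date. The feed URL and field names are the real ones; the two-entry snapshot, the inventory, and the dateAdded values are constructed so the script runs offline.

```python
"""Triage a KEV feed snapshot against a local asset inventory (added example).

The live feed is at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
and uses the field names below; SAMPLE_KEV is a constructed two-entry snapshot.
"""
import json
from datetime import date

# Constructed snapshot. dueDate is the March 26, 2026 deadline the article
# cites; dateAdded and requiredAction are placeholders, not values from CISA.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision",
         "product": "Multiple Products", "dateAdded": "2026-03-05",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2026-03-26"},
        {"cveID": "CVE-2021-22681", "vendorProject": "Rockwell Automation",
         "product": "Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
         "dateAdded": "2026-03-05",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2026-03-26"},
    ],
})

# Constructed inventory: host, vendor, and CVEs the scanner still reports open.
INVENTORY = [
    {"host": "cam-lobby-01", "vendor": "Hikvision", "open_cves": {"CVE-2017-7921"}},
    {"host": "plc-line-3", "vendor": "Rockwell Automation", "open_cves": {"CVE-2021-22681"}},
    {"host": "hmi-line-3", "vendor": "Rockwell Automation", "open_cves": set()},
]

def load_kev(raw):
    """Index KEV entries by CVE ID."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}

def kev_findings(kev, inventory, today):
    """One finding per (host, open CVE that is in KEV), soonest due date first."""
    findings = []
    for asset in inventory:
        for cve in sorted(c for c in asset["open_cves"] if c in kev):
            due = date.fromisoformat(kev[cve]["dueDate"])
            days_left = (due - today).days  # negative once the due date has passed
            findings.append({"host": asset["host"], "cve": cve,
                             "vendor": kev[cve]["vendorProject"],
                             "due": due.isoformat(), "days_left": days_left,
                             "overdue": days_left < 0})
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for f in kev_findings(load_kev(SAMPLE_KEV), INVENTORY, date.today()):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:14} {f['cve']:15} {f['vendor']:20} due {f['due']} ({status})")
```

Hosts with no open KEV entries (hmi-line-3 above) produce no finding, so the report is exactly the BOD 22-01 work list.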

Staying ahead of potential cyber threats requires timely updates and proactive vulnerability management. Organizations are encouraged to prioritize these actions to safeguard their systems and data from malicious exploitation.

CISA warns that these flaws are frequent attack vectors for cybercriminals targeting critical infrastructure, because they expose the backbone of surveillance and industrial control systems.

For attackers, such vulnerabilities offer the ability to impersonate an authorized user, view sensitive information such as camera footage, and ultimately take control of the device.

The SANS Internet Storm Center has reported real-world exploitation attempts against vulnerable Hikvision cameras, confirming that this is more than a theoretical risk.

Hackers can leverage such vulnerabilities.

Red Flag for Security Teams

Rockwell Automation’s flaw is equally alarming. Found in Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers, the bug allows attackers with network access to bypass security checks, authenticate themselves, and tamper with device configurations or application code.

For security teams, CISA’s addition of these flaws to the KEV catalog is significant. The KEV list tracks vulnerabilities known to be actively exploited “in the wild,” serving as a red flag for IT security teams.

Patching

Failing to apply patches quickly and regularly can lead to exploits, breaches, compliance failures, supply chain liabilities, decreased productivity, and system downtime. Research shows that cybercriminals actively monitor the release of patches and develop exploits for systems that remain unpatched, which significantly heightens the risk of cyberattacks, including data breaches.

Sources: CISA Adds Hikvision and Rockwell Automation CVSS 9.8 Flaws to KEV Catalog