CVE-2021-22681 (GCVE-0-2021-22681)

Vulnerability from cvelistv5 – Published: 2021-03-03 17:59 – Updated: 2026-03-06 05:01
Summary
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
CWE
  • CWE-522 - Insufficiently Protected Credentials CWE-522
Impacted products
Vendor: n/a
Product: Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers
Version:
  • Affected: RSLogix 5000 Versions 16 through 20
  • Affected: Studio 5000 Logix Designer: Versions 21 and later
  • Affected: CompactLogix 1768, 1769, 5370, 5380, 5480
  • Affected: ControlLogix 5550, 5560, 5570, 5580
  • Affected: DriveLogix 5560, 5730, 1794-L34
  • Affected: Compact GuardLogix 5370, 5380
  • Affected: GuardLogix 5570, 5580
  • Affected: SoftLogix 5800
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2021-22681

Status: Confirmed

Status Updated: 2026-03-05 00:00 UTC

Exploited: Yes


Timestamps
First Seen: 2026-03-05
Asserted: 2026-03-05

Scope
Notes: KEV entry: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
  • Affected: Rockwell / Multiple Products
  • Description: Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.
  • Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Due date: 2026-03-26
  • Known ransomware campaign use (KEV): Unknown
  • Notes (KEV): https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev


Details
CWEs: CWE-522
Feed: CISA Known Exploited Vulnerabilities Catalog
Product: Multiple Products
Due Date: 2026-03-26
Date Added: 2026-03-05
Vendor Project: Rockwell
Vulnerability Name: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Known Ransomware Campaign Use: Unknown

Created: 2026-03-05 20:00 UTC | Updated: 2026-03-05 20:00 UTC

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:06.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-22681",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-03-05",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22681"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T05:01:20.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22681"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-05T00:00:00.000Z",
            "value": "CVE-2021-22681 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "RSLogix 5000 Versions 16 through 20"
            },
            {
              "status": "affected",
              "version": "Studio 5000 Logix Designer: Versions 21 and later"
            },
            {
              "status": "affected",
              "version": "CompactLogix 1768, 1769, 5370, 5380, 5480"
            },
            {
              "status": "affected",
              "version": "ControlLogix 5550, 5560, 5570, 5580"
            },
            {
              "status": "affected",
              "version": "DriveLogix 5560, 5730, 1794-L34"
            },
            {
              "status": "affected",
              "version": "Compact GuardLogix 5370, 5380"
            },
            {
              "status": "affected",
              "version": "GuardLogix 5570, 5580"
            },
            {
              "status": "affected",
              "version": "SoftLogix 5800"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "Insufficiently Protected Credentials CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-03T17:59:43.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-22681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "RSLogix 5000 Versions 16 through 20"
                          },
                          {
                            "version_value": "Studio 5000 Logix Designer: Versions 21 and later"
                          },
                          {
                            "version_value": "CompactLogix 1768, 1769, 5370, 5380, 5480"
                          },
                          {
                            "version_value": "ControlLogix 5550, 5560, 5570, 5580"
                          },
                          {
                            "version_value": "DriveLogix 5560, 5730, 1794-L34"
                          },
                          {
                            "version_value": "Compact GuardLogix 5370, 5380"
                          },
                          {
                            "version_value": "GuardLogix 5570, 5580"
                          },
                          {
                            "version_value": "SoftLogix 5800"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-22681",
    "datePublished": "2021-03-03T17:59:43.000Z",
    "dateReserved": "2021-01-05T00:00:00.000Z",
    "dateUpdated": "2026-03-06T05:01:20.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-22681",
      "cwes": "[\"CWE-522\"]",
      "dateAdded": "2026-03-05",
      "dueDate": "2026-03-26",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681",
      "product": "Multiple Products",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.",
      "vendorProject": "Rockwell",
      "vulnerabilityName": "Rockwell Multiple Products Insufficient Protected Credentials Vulnerability"
    }
  }
}
with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Insufficiently Protected Credentials CWE-522\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-22681\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-22681\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-06T05:01:20.925Z\", \"dateReserved\": \"2021-01-05T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2021-03-03T17:59:43.000Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.
