CVE-2021-22681

Name of the Vulnerable Software and Affected Versions Rockwell Automation Studio 5000 Logix Designer versions 21 and later, and RSLogix 5000 versions 16 through 20.

Description An authentication bypass issue exists in Rockwell Automation's Studio 5000 Logix Designer and RSLogix 5000 software, affecting CompactLogix 1768, 1769, 5370, 5380, 5480, ControlLogix 5550, 5560, 5570, 5580, DriveLogix 5560, 5730, 1794-L34, Compact GuardLogix 5370, 5380, GuardLogix 5570, 5580, and SoftLogix 5800 controllers. An unauthenticated attacker can bypass verification mechanisms and authenticate with these controllers. This vulnerability, identified as CVE-2021-22681, is actively exploited by Iranian-affiliated threat actors, including CyberAv3ngers, who have moved beyond defacement to manipulating PLC logic in U.S. critical infrastructure sectors like water, energy, and government. The vulnerability stems from a hardcoded authentication key. There is currently no patch available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.