Vulnerability in Rockwell Automation Studio 5000 Logix Designer, Rslogix 5000, Controllers
CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: Contr…
EPSS: 0.182 (95.3th percentile) — read the EPSS interpretation.
Affected products
- N/a Rockwell Automation Studio 5000 Logix Designer, Rslogix 5000, Controllers — versions RSLogix 5000 Versions 16 through 20, Studio 5000 Logix Designer: Versions 21 and later, CompactLogix 1768, 1769, 5370, 5380, 5480
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
References
- us-cert.cisa.gov/ics/advisories/icsa-21-056-03 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-22681?
- CVE-2021-22681 is a vulnerability in Rockwell Automation Studio 5000 Logix Designer, Rslogix 5000, Controllers, classified under Insufficiently Protected Credentials. Published 2021-03-03.
- Is CVE-2021-22681 known to be exploited?
- Yes. CVE-2021-22681 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-03-05), indicating it is being actively exploited. 1 public proof-of-concept repositories are indexed.