Vulnerability Details CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-22681
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.51.00.8
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.61
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.71
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.73
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.74
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.80
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.90
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:6.10.00
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:6.11.00
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:6.31.00
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:cpr9
-
cpe:2.3:a:rockwellautomation:rslogix_5000:*
-
cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:32.0
-
cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:32.00
-
cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:32.01
-
cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:32.02
-
cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:33.00
-
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-
-
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-
-
cpe:2.3:h:rockwellautomation:compactlogix_1768:-
-
cpe:2.3:h:rockwellautomation:compactlogix_1769:-
-
cpe:2.3:h:rockwellautomation:compactlogix_5370:-
-
cpe:2.3:h:rockwellautomation:compactlogix_5380:-
-
cpe:2.3:h:rockwellautomation:compactlogix_5480:-
-
cpe:2.3:h:rockwellautomation:controllogix_5550:-
-
cpe:2.3:h:rockwellautomation:controllogix_5560:-
-
cpe:2.3:h:rockwellautomation:controllogix_5570:-
-
cpe:2.3:h:rockwellautomation:controllogix_5580:-
-
cpe:2.3:h:rockwellautomation:drivelogix_1794-l34:-
-
cpe:2.3:h:rockwellautomation:drivelogix_5560:-
-
cpe:2.3:h:rockwellautomation:drivelogix_5730:-
-
cpe:2.3:h:rockwellautomation:guardlogix_5570:-
-
cpe:2.3:h:rockwellautomation:guardlogix_5580:-
-
cpe:2.3:h:rockwellautomation:softlogix_5800:-