theinfosecnews

CVE-2021-22681

CISA KEV

Published March 5, 2026 · Updated April 3, 2026

high

What This Means

## CVE-2021-22681: Rockwell Automation Insufficient Protected Credentials

**What it is:** Studio 5000 Logix Designer stores a verification key in insufficiently protected form, allowing attackers with network access to extract it and impersonate legitimate design software when communicating with Logix controllers.

**Impact:** An attacker on the network can discover this key, then connect unauthorized applications directly to Logix industrial controllers, potentially modifying ladder logic, stealing configurations, or disrupting operations.

**What to do:** Apply Rockwell's security patches for Studio 5000 Logix Designer immediately; segment Logix controller networks from untrusted segments; implement network monitoring to detect unauthorized connection attempts to controllers; review access logs for suspicious design software connections to identify past exploitation.

Official Description

Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.

Affected Products

| Vendor | Product |
| --- | --- |
| Rockwell | Multiple Products |

Patch Status

Patch by 2026-03-26

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2021-22681.

Related Coverage

vulnerability

CVE-2021-22681: Rockwell Automation Studio 5000 Exposes Verification Key, Enabling Unauthorized Logix Controller Access

CVE-2021-22681 affects Rockwell Automation's Studio 5000 Logix Designer, which stores a controller verification key without adequate protection. An attacker with network access can extract the key and use it to connect unauthorized applications directly to Logix PLCs, enabling ladder logic modification, configuration theft, or process disruption. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog with a federal patching deadline of March 26, 2026.

CISA KEV · 29d ago · 3 min read