How serious is CVE-2021-22681?

This vulnerability has a CVSS score of 9.8 out of 10, classified as CRITICAL severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2021-22681?

Yes, proof-of-concept exploit code for CVE-2021-22681 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2021-22681?

CVE-2021-22681 affects rockwellautomation factorytalk services platform. Check the full CVE details for specific version information.

How do I fix CVE-2021-22681?

To remediate CVE-2021-22681, check for security patches from rockwellautomation. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2021-22681

Critical

|9.8

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker can gain unauthorized access to various Rockwell Automation controllers, allowing them to manipulate or control industrial processes without needing to authenticate. This vulnerability affects specific versions of Rockwell's software and requires no prior credentials, making it particularly dangerous for organizations using these systems.

Technical Description

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$13,000($5K-$15K)

Vendor Response

Grade FPatched in 1828 days

Quick Information

Published

Mar 3, 2021

about 5 years ago

Last Modified

Mar 6, 2026

about 1 month ago

Vendor

rockwellautomation

Product

factorytalk services platform

Related Vulnerabilities

CVE-2019-10952Critical

An attacker can send a specially crafted web request to crash the CompactLogix 5370 controllers, making them unavailable, and potentially run malicious code on them. This vulnerability affects specific firmware versions and requires a cold restart to recover the device.

CVE-2019-10954High

An attacker can send specially crafted email packets to a vulnerable Rockwell Automation controller, causing it to crash and enter a state where it cannot recover without a restart. This issue affects specific versions of the CompactLogix and GuardLogix controllers, so those using these devices should be aware of the risk.