CVE-2021-22681

Summary

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

Affected Software

VendorProductVersion RangeStatus
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersRSLogix 5000 Versions 16 through 20affected
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersStudio 5000 Logix Designer: Versions 21 and lateraffected
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersCompactLogix 1768, 1769, 5370, 5380, 5480affected
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersControlLogix 5550, 5560, 5570, 5580affected
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersDriveLogix 5560, 5730, 1794-L34affected
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersCompact GuardLogix 5370, 5380affected
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersGuardLogix 5570, 5580affected
n/aRockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix ControllersSoftLogix 5800affected

Weaknesses

  • CWE-522: Insufficiently Protected Credentials CWE-522

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References