Critical Flaws Lurking in Plain Sight: Hikvision and Rockwell Automation Under Fire
U.S. CISA spotlights two high-risk vulnerabilities actively exploited in widely used surveillance and industrial systems, urging urgent action.
Imagine thousands of security cameras and industrial controllers quietly running across America - inside government buildings, factories, even power plants. Now imagine a silent threat: hackers slipping past digital locks, seizing control, and potentially altering what these machines see, record, or do. This is no hypothetical. In a move that should sound alarm bells for cybersecurity teams everywhere, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added two major vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, both scoring a near-maximum 9.8 out of 10 on the CVSS risk scale.
The vulnerabilities in question - CVE-2017-7921 in Hikvision products and CVE-2021-22681 in Rockwell Automation controllers - expose the backbone of surveillance and industrial control systems. Hikvision, the world’s leading surveillance camera manufacturer, has a flaw that allows attackers to skip authentication and escalate privileges. Simply put, a hacker can impersonate an authorized user, view sensitive footage, or potentially take control of the device. The SANS Internet Storm Center reported real-world exploitation attempts against vulnerable Hikvision cameras, confirming that this is more than a theoretical risk.
Rockwell Automation’s flaw is equally alarming. Found in Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers, the bug allows attackers with network access to bypass security checks, authenticate themselves, and tamper with device configurations or application code. While no public attacks have been reported yet, the potential for sabotage in industrial settings - from water treatment plants to manufacturing lines - is chilling.
CISA’s addition of these flaws to the KEV catalog is significant. The KEV list tracks vulnerabilities known to be actively exploited “in the wild,” serving as a red flag for IT security teams. As part of Binding Operational Directive 22-01, federal agencies are required to patch these vulnerabilities by March 26, 2026, but CISA’s warning extends far beyond government offices. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the agency stated, urging all organizations - public and private - to prioritize patching and update their systems without delay.
The clock is ticking. With attackers already probing for weaknesses and the stakes ranging from privacy breaches to industrial sabotage, the message is clear: vigilance and swift remediation are the only defenses against vulnerabilities hiding in plain sight.
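One way a defensive team can turn the KEV addition and the BOD 22-01 deadline described above into a worklist, as an added example that is not code from the article, from CISA, or from either vendor: the script below parses a snapshot shaped like CISA's public KEV JSON feed (field names `cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dueDate` and `requiredAction` as that feed publishes them) and cross-references it against an asset inventory, ranking each affected asset by days remaining until its due date. The two CVE ids and the March 26, 2026 due date come from the article; the feed entries' other text, the asset names and the third placeholder CVE id are constructed for the example.

```python
"""Cross-reference an asset inventory against a KEV feed snapshot and rank
remediation work by the BOD 22-01 due date (added example, not CISA code)."""
import json
from datetime import date

# Constructed snapshot in the shape of CISA's public KEV JSON feed.
# CVE ids and dueDate are from the article; descriptive text is constructed.
KEV_SNAPSHOT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2017-7921",
            "vendorProject": "Hikvision",
            "product": "Multiple Products",
            "vulnerabilityName": "Hikvision Improper Authentication Vulnerability",
            "dueDate": "2026-03-26",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
        },
        {
            "cveID": "CVE-2021-22681",
            "vendorProject": "Rockwell Automation",
            "product": "Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
            "vulnerabilityName": "Rockwell Automation Logix Controllers Authentication Bypass",
            "dueDate": "2026-03-26",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
        },
    ],
})

# Constructed inventory: asset name and the CVE a scanner reported for it.
INVENTORY = [
    {"asset": "lobby-cam-01", "cve": "CVE-2017-7921"},
    {"asset": "line-3-controller", "cve": "CVE-2021-22681"},
    {"asset": "hmi-07", "cve": "CVE-0000-0000"},  # placeholder id, deliberately not in KEV
]


def load_kev(feed_text):
    """Index the feed's vulnerabilities array by CVE id."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def days_until(due_iso, today):
    """Whole days from `today` to the ISO due date (negative when overdue)."""
    return (date.fromisoformat(due_iso) - today).days


def triage(inventory, kev, today, soon_days=7):
    """Return one row per inventory item, KEV hits first, nearest deadline first."""
    rows = []
    for item in inventory:
        entry = kev.get(item["cve"])
        if entry is None:
            # Not in KEV: still a finding, but not under the BOD 22-01 clock.
            rows.append({**item, "in_kev": False, "days_left": None, "status": "not in KEV"})
            continue
        left = days_until(entry["dueDate"], today)
        if left < 0:
            status = "OVERDUE"
        elif left <= soon_days:
            status = "due soon"
        else:
            status = "scheduled"
        rows.append({
            **item,
            "in_kev": True,
            "vendor": entry["vendorProject"],
            "due": entry["dueDate"],
            "days_left": left,
            "status": status,
            "action": entry["requiredAction"],
        })
    # Sort key: KEV entries before non-KEV, then fewest days left; sort is stable.
    rows.sort(key=lambda r: (not r["in_kev"], r["days_left"] if r["days_left"] is not None else 10**9))
    return rows


def report(rows):
    """Plain-text worklist, one line per asset."""
    lines = []
    for r in rows:
        if r["in_kev"]:
            lines.append(f"{r['status']:>9}  {r['asset']:<20} {r['cve']:<15} due {r['due']} "
                         f"({r['days_left']:+d} d)  {r['vendor']}: {r['action']}")
        else:
            lines.append(f"{r['status']:>9}  {r['asset']:<20} {r['cve']:<15} (no KEV due date)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(INVENTORY, load_kev(KEV_SNAPSHOT), date.today())))
```

In practice the snapshot would be the downloaded feed rather than an inline string, and the inventory would come from the scanner or asset database; the sort order is the point, since it puts overdue and imminent KEV items at the top regardless of how the inventory was listed.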
WIKICROOK
- CVSS: CVSS (Common Vulnerability Scoring System) is a standard method for rating the severity of security flaws, with scores from 0.0 to 10.0.
- KEV Catalog: The KEV Catalog is a CISA-maintained list of software vulnerabilities that are currently being exploited by hackers, helping organizations address urgent security threats.
- Privilege Escalation: Privilege escalation occurs when an attacker gains higher-level access, moving from a regular user account to administrator privileges on a system or network.
- Authentication: Authentication is the process of verifying a user's identity before allowing access to systems or data, using methods like passwords or biometrics.
- Industrial Control System (ICS): An Industrial Control System (ICS) is a set of computer-based tools that monitor and control industrial operations like energy, water, and manufacturing.