CVE-2021-22681

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:rslogix_5000:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:*:*:*:*:*:*:*:*
OR cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_1794-l34:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_5560:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_5730:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:softlogix_5800:-:*:*:*:*:*:*:*
History

25 Apr 2022, 16:16

Type Values Removed Values Added
First Time Rockwellautomation factorytalk Services Platform
CPE cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*

12 Apr 2022, 16:55

Type Values Removed Values Added
First Time Rockwellautomation rslogix 5000
CPE cpe:2.3:a:rockwellautomation:rslogix_500:*:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:rslogix_5000:*:*:*:*:*:*:*:*

11 Mar 2021, 19:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8
References (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 - (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 - Third Party Advisory, US Government Resource
CPE cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_5730:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_5560:-:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:rslogix_500:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_1794-l34:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:softlogix_5800:-:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:*:*:*:*:*:*:*:*
CWE CWE-522

03 Mar 2021, 18:16

Type Values Removed Values Added
New CVE
Information

Published : 2021-03-03 18:15

Updated : 2023-12-10 13:41

NVD link : CVE-2021-22681

Mitre link : CVE-2021-22681

CVE.ORG link : CVE-2021-22681

JSON object : View

Products Affected

rockwellautomation

  • controllogix_5580
  • controllogix_5560
  • drivelogix_5560
  • controllogix_5550
  • compact_guardlogix_5370
  • drivelogix_5730
  • compactlogix_1768
  • factorytalk_services_platform
  • guardlogix_5570
  • compact_guardlogix_5380
  • compactlogix_1769
  • guardlogix_5580
  • compactlogix_5380
  • studio_5000_logix_designer
  • compactlogix_5370
  • controllogix_5570
  • drivelogix_1794-l34
  • softlogix_5800
  • rslogix_5000
  • compactlogix_5480
CWE
CWE-522

Insufficiently Protected Credentials