CVE-2021-22681 – Rockwell Automation Studio 5000 Logix Designer
“A weakness in industrial engineering software could allow an attacker to bypass authentication and gain full control of critical configuration tools. When authentication fails, the systems used to manage industrial operations become exposed.”
Rockwell Automation addressed CVE-2021-22681, an authentication bypass vulnerability affecting Studio 5000 Logix Designer. This issue carries a CVSS v3.1 score of 10.0 (Critical). The vulnerability could allow an attacker to bypass authentication controls and gain unauthorized access to the application environment.
If the vulnerability is successfully exploited, an attacker could gain elevated access to engineering functions used to configure and manage ControlLogix and CompactLogix programmable logic controllers (PLCs). This level of access could allow unauthorized modification of controller configurations, project files, and industrial automation logic.
Because Studio 5000 Logix Designer is widely deployed in industrial control system environments, compromise of the engineering workstation or development environment could expose operational technology networks and allow manipulation of industrial processes. There are no verified reports of active exploitation in the wild or confirmed public proof-of-concept exploits associated with this vulnerability.