CISA Adds Critical Hikvision, Rockwell Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities affecting products from Hikvision and Rockwell Automation to its Known Exploited Vulnerabilities (KEV) catalog. The agency announced the additions on Thursday, citing evidence that both flaws are being actively exploited in attacks.

Details of the Catalogued Vulnerabilities

The first vulnerability, tracked as CVE-2017-7921, carries a critical CVSS score of 9.8. It is an improper authentication flaw in certain Hikvision IP cameras. The weakness allows an unauthenticated attacker to bypass the device's authentication and access sensitive information, including user credentials and live video feeds.

The second flaw, identified as CVE-2024-21912, also has a CVSS score of 9.8. This vulnerability exists in Rockwell Automation’s Arena simulation software. It is a memory corruption issue that could enable remote code execution, potentially giving an attacker full control over an affected system.

Mandatory Remediation for Federal Agencies

Inclusion in the KEV catalog carries significant weight for U.S. federal civilian executive branch agencies. Under CISA's Binding Operational Directive (BOD) 22-01, these agencies are required to remediate each listed vulnerability, normally by applying the vendor's patch, by the due date CISA records in the catalog entry. For these two newly added flaws, the remediation deadline is May 2, 2024.

While the directive applies directly to federal bodies, CISA strongly urges all organizations, including private companies and critical infrastructure operators, to prioritize patching these vulnerabilities. The agency’s public catalog serves as a prioritized list of security defects that are confirmed to be under active exploitation by malicious actors.

Background on the Security Flaws

CVE-2017-7921, the Hikvision camera vulnerability, was first disclosed in 2017, as its identifier indicates. Its addition to the KEV catalog years later shows that, despite available fixes, unpatched devices remain in operation and are being targeted in ongoing campaigns. Hikvision has previously published firmware updates that address this authentication bypass.

CVE-2024-21912 is a more recent discovery affecting Rockwell Automation’s Arena simulation and modeling software. Rockwell Automation has released a security advisory detailing the vulnerability and providing updated software versions that resolve the memory corruption risk. The company advises users to update to the latest version immediately.

Implications for Global Network Security

The simultaneous listing of these high-severity flaws highlights the persistent threat to operational technology and internet-connected devices. Hikvision cameras are deployed worldwide in both public and private sectors, while Rockwell Automation’s software is integral to industrial and manufacturing design processes. Successful exploitation could lead to data theft, surveillance, or disruption of industrial operations.

Security researchers note that vulnerabilities in widely used products like these are attractive targets for both cybercriminal groups and state-sponsored threat actors. The confirmed exploitation suggests these flaws are being used in real-world attacks, increasing the urgency for mitigation.

Recommended Actions for Organizations

CISA’s primary recommendation is for all users and administrators to review the agency’s KEV catalog entry and apply the necessary vendor-provided updates without delay. Organizations using affected Hikvision camera models should ensure they are running the latest firmware. Entities utilizing Rockwell Automation Arena software must upgrade to the patched versions specified in the vendor’s advisory.

As a broader security practice, network defenders are advised to implement robust segmentation, especially for operational technology and IoT devices, to limit the potential impact of a breach. IP cameras in particular should not be reachable directly from the internet, and their management interfaces should sit on a dedicated network segment. Regular vulnerability scanning, an up-to-date asset inventory that can be matched against the KEV catalog, and timely patch management remain fundamental defenses against such threats.
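The review-and-prioritize step recommended above can be automated: CISA publishes the KEV catalog as a JSON feed, and a short script can join its entries to an asset inventory and rank them by due date. The following is an added example written for this article, not code from CISA, Hikvision or Rockwell Automation. The field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction) are those of CISA's published KEV JSON; the entry text, the dateAdded value and the whole asset inventory (hostnames, segments, patch status) are constructed sample data, with dueDate set to the May 2, 2024 deadline reported above.

```python
"""Triage CISA KEV catalog entries against a local asset inventory.

Added example for this article; not CISA's code. Field names follow the
published KEV JSON feed, but every value below is constructed sample data.
"""
import json
import re
from datetime import date

# Constructed excerpt shaped like the KEV feed. Only the field names are CISA's;
# the descriptions and dateAdded value are sample data for this example.
KEV_FEED_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision", "product": "IP Cameras",
     "vulnerabilityName": "Hikvision Improper Authentication Vulnerability",
     "dateAdded": "2024-04-11", "dueDate": "2024-05-02",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2024-21912", "vendorProject": "Rockwell Automation", "product": "Arena",
     "vulnerabilityName": "Rockwell Automation Arena Memory Corruption Vulnerability",
     "dateAdded": "2024-04-11", "dueDate": "2024-05-02",
     "requiredAction": "Apply mitigations per vendor instructions."}
  ]
}"""

# Constructed inventory: hostnames, vendor spellings, segments and patch
# status are hypothetical and exist only to exercise the matching logic.
ASSET_INVENTORY = [
    {"asset": "cam-lobby-01", "vendor": "Hikvision", "product": "IP camera",
     "segment": "iot-vlan", "patched": False},
    {"asset": "cam-dock-07", "vendor": "HIKVISION", "product": "ip camera",
     "segment": "flat-lan", "patched": True},
    {"asset": "eng-ws-12", "vendor": "Rockwell Automation",
     "product": "Arena simulation software", "segment": "engineering", "patched": False},
    {"asset": "hmi-line-3", "vendor": "ExampleVendor", "product": "HMI panel",
     "segment": "ot-cell", "patched": False},
]

# Lower number sorts first in the triage output.
PRIORITY = {"overdue": 0, "due": 1, "remediated": 2}


def load_kev(feed_text):
    """Parse a KEV JSON document and return its list of vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def _tokens(text):
    """Lower-case word tokens with a trailing plural 's' dropped, so that the
    catalog's 'IP Cameras' and an inventory's 'ip camera' compare equal."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {w[:-1] if w.endswith("s") else w for w in words}


def matches(entry, asset):
    """True when every word of the catalog's vendor and product names appears
    in the asset's vendor and product fields (case-insensitive)."""
    return (_tokens(entry["vendorProject"]) <= _tokens(asset["vendor"])
            and _tokens(entry["product"]) <= _tokens(asset["product"]))


def triage(entries, inventory, today_iso):
    """Join KEV entries to inventory assets and rank by remediation urgency.

    today_iso is an ISO date string such as "2024-04-20"; days_left is
    negative once the catalog's dueDate has passed.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if not matches(entry, asset):
                continue
            days_left = (due - today).days
            if asset["patched"]:
                status = "remediated"
            elif days_left < 0:
                status = "overdue"
            else:
                status = "due"
            findings.append({
                "asset": asset["asset"], "segment": asset["segment"],
                "cveID": entry["cveID"], "dueDate": entry["dueDate"],
                "days_left": days_left, "status": status,
            })
    findings.sort(key=lambda f: (PRIORITY[f["status"]], f["days_left"], f["asset"]))
    return findings


def open_findings(findings):
    """Findings that still need action: unpatched assets, overdue or not."""
    return [f for f in findings if f["status"] != "remediated"]


if __name__ == "__main__":
    for f in triage(load_kev(KEV_FEED_JSON), ASSET_INVENTORY, date.today().isoformat()):
        print(f"{f['status']:<11}{f['days_left']:>5}d  {f['cveID']:<15} "
              f"{f['asset']:<14} {f['segment']}")
```

In practice the feed text would be fetched from CISA's published JSON URL and the inventory pulled from a CMDB or scanner export; the token-subset match is deliberately loose so that vendor spelling and product wording differences do not hide an exposed device, at the cost of an occasional false match that an analyst then dismisses.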

Looking ahead, cybersecurity officials expect continued scrutiny of widely deployed enterprise and industrial software. The addition of these flaws to the KEV catalog is part of an ongoing effort to provide actionable intelligence and compel timely patching. Organizations globally are likely to conduct internal audits to identify and secure any systems susceptible to these now-publicly exploited vulnerabilities.

Source: U.S. Cybersecurity and Infrastructure Security Agency (CISA)
