How severe is CVE-2021-22681?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-22681?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2021-22681 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

Related Vulnerabilities

CVE-2000-0944

CRITICAL

CVSS:9.8(Critical)

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without ...

CWE-5222000

CVE-2005-3435

CRITICAL

CVSS:9.8(Critical)

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and sp...

CWE-5222005

CVE-2007-0681

CRITICAL

CVSS:9.8(Critical)

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, vi...

CWE-5222007

CVE-2013-7052

CRITICAL

CVSS:9.8(Critical)

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

CWE-5222013

CVE-2013-7055

CRITICAL

CVSS:9.8(Critical)

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

CWE-5222013

CVE-2014-3445

CRITICAL

CVSS:9.8(Critical)

backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the adminis...

CWE-5222014