Critical Security Flaws in Hikvision and Rockwell Automation Products
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog. The move follows the discovery of evidence that both vulnerabilities are being actively exploited.
The two vulnerabilities in question are:
- CVE-2017-7921 (CVSS score: 9.8): This is an improper authentication vulnerability affecting Hikvision products. It allows attackers to bypass authentication mechanisms, potentially leading to unauthorized access to sensitive information and systems.
- CVE-2022-1164 (CVSS score: 9.4): This vulnerability affects Rockwell Automation products and is related to a stack-based buffer overflow. It can be exploited by attackers to execute arbitrary code on the affected systems, leading to a complete compromise of the system.
Both vulnerabilities have been assigned high CVSS scores, indicating their potential to cause significant harm if exploited. The addition of these vulnerabilities to the CISA KEV catalog highlights the urgency of addressing these security flaws to prevent further exploitation.
Organizations using Hikvision and Rockwell Automation products are advised to take immediate action to patch these vulnerabilities and protect their systems from potential attacks. This includes applying the latest security updates, monitoring system activity for signs of exploitation, and implementing additional security measures to prevent unauthorized access.
The CISA KEV catalog is a repository of known exploited vulnerabilities that have been reported to CISA by multiple sources. The catalog provides a list of vulnerabilities that are known to be exploited by attackers, helping organizations prioritize their vulnerability management efforts and protect their systems from potential attacks.
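The prioritization described above can be sketched as a small triage script. This is an added example, not code from CISA or from the vendors named in this article. It assumes a catalog in the shape of the KEV JSON feed (`vulnerabilities`, `cveID`, `vendorProject`, `dueDate`) and a constructed list of scanner findings; the due dates, asset names and the two `CVE-0000-…` IDs are placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. CVE IDs and vendors come
# from the article; dueDate values are placeholders, not real catalog data.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision", "dueDate": "2000-01-15"},
  {"cveID": "CVE-2022-1164", "vendorProject": "Rockwell Automation", "dueDate": "2000-02-01"}
]}
""")

# Constructed scanner findings: (asset, CVE, CVSS base score).
FINDINGS = [
    ("hmi-01", "CVE-0000-0001", 9.9),      # placeholder CVE, not in KEV
    ("cam-lobby", "CVE-2017-7921", 9.8),
    ("plc-line3", "CVE-2022-1164", 9.4),
    ("cam-dock", "cve-2017-7921 ", 9.8),   # scanner output with stray case/space
    ("nas-02", "CVE-0000-0002", 5.3),      # placeholder CVE, not in KEV
]

def kev_index(catalog):
    """Map normalized CVE ID -> KEV entry."""
    return {v["cveID"].strip().upper(): v for v in catalog.get("vulnerabilities", [])}

def prioritize(findings, catalog, today):
    """Order findings: KEV-listed first (earliest due date first), then by CVSS."""
    kev = kev_index(catalog)
    rows = []
    for asset, cve, cvss in findings:
        cve = cve.strip().upper()
        entry = kev.get(cve)
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        rows.append({"asset": asset, "cve": cve, "cvss": cvss,
                     "in_kev": entry is not None, "due": due,
                     "overdue": bool(due and due < today)})
    # KEV membership outranks raw CVSS: exploitation is observed, not predicted.
    rows.sort(key=lambda r: (not r["in_kev"], r["due"] or date.max,
                             -r["cvss"], r["asset"]))
    return rows

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_SAMPLE, date.today()):
        tag = ("KEV" + (" OVERDUE" if r["overdue"] else "")) if r["in_kev"] else "-"
        print(f'{r["asset"]:10} {r["cve"]:15} {r["cvss"]:4} {tag}')
```

In the sample, the finding with the highest CVSS score (9.9) still sorts below both KEV-listed findings, which is the point of using the catalog as the first sort key.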
In recent years, there has been an increase in the number of reported vulnerabilities in various products, including those from Hikvision and Rockwell Automation. This highlights the importance of ongoing vulnerability management and the need for organizations to stay vigilant in protecting their systems from potential threats.
As the threat landscape continues to evolve, it is essential for organizations to stay informed about the latest security threats and take proactive measures to protect their systems. This includes implementing robust security measures, conducting regular security audits, and staying up-to-date with the latest security patches and updates.





