Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22681

KEV EPSS 18.16% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-22681

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的凭证保护机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rockwell Automation RSLogix 500 和 Logix Designer Studio 5000 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rockwell Automation RSLogix 500 Software和Logix Designer Studio 5000都是美国罗克韦尔(Rockwell Automation)公司的产品。RSLogix 500 Software是一套用于工业控制系统的编程软件。Logix Designer Studio 5000是一套逻辑控制器编程软件。 RSLogix 5000: Versions 16 through 20和Studio 5000 Logix Designer: Versions 21
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers RSLogix 5000 Versions 16 through 20 -

II. Public POCs for CVE-2021-22681

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-22681

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-03-03 · 36 CVEs total

CVE-2021-233474.7 MEDIUMCross-site Scripting (XSS)
CVE-2021-21978VMware View Planner 代码问题漏洞
CVE-2020-25647grub2 缓冲区错误漏洞
CVE-2020-25632grub2 资源管理错误漏洞
CVE-2021-20225grub2 缓冲区错误漏洞
CVE-2021-20233grub2 缓冲区错误漏洞
CVE-2020-29047WordPress 代码问题漏洞
CVE-2021-22877Nextcloud 访问控制错误漏洞
CVE-2021-22878Nextcloud Server 跨站脚本漏洞
CVE-2020-8296Nextcloud 安全漏洞
CVE-2020-27749grub2 缓冲区错误漏洞
CVE-2020-28597Epignosis EfrontPro 安全漏洞
CVE-2020-28591Slic3r 缓冲区错误漏洞
CVE-2020-13558WebKitGTK 资源管理错误漏洞
CVE-2021-27839Online Invoicing System 注入漏洞
CVE-2021-27935AdGuard 安全漏洞
CVE-2021-27931LumisXP 代码问题漏洞
CVE-2021-27940openark orchestrator 跨站脚本漏洞
CVE-2021-22666FATEK FvDesigner 缓冲区错误漏洞
CVE-2021-27923Pillow 输入验证错误漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-522

V. Comments for CVE-2021-22681

No comments yet

Leave a comment