ONE Sentinel

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

Source: The Hacker News
March 6, 2026

EXECUTIVE SUMMARY

Critical Flaws in Hikvision and Rockwell Automation Added to CISA KEV Catalog

Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog. These flaws are actively being exploited, posing significant security risks.

Key Points

  • CISA added two vulnerabilities to the KEV catalog on Thursday.
  • The vulnerabilities affect Hikvision and Rockwell Automation products.
  • CVE-2017-7921 is an improper authentication vulnerability with a CVSS score of 9.8.
  • These vulnerabilities are being actively exploited in the wild.

Analysis

The inclusion of these vulnerabilities in the CISA KEV catalog highlights their critical nature and the urgency for organizations to address them. The CVSS score of 9.8 indicates a severe risk, particularly as these vulnerabilities are actively exploited, potentially leading to unauthorized access and control over affected systems.

Conclusion

IT professionals should prioritize patching and mitigating these vulnerabilities in Hikvision and Rockwell Automation products to protect their systems from exploitation. Regularly monitoring CISA's KEV catalog helps teams stay informed about critical vulnerabilities.