CVE-2021-22681

CRITICAL KEV

Rockwell Automation Studio 5000 <21 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2021-22681 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 5, 2026.

Description

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22681

Third Party Advisory, US Government Resource x_refsource_misc

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03

Scores

CVSS v3 9.8

EPSS 0.2041

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2026-03-05

VulnCheck KEV 2026-03-05

ENISA EUVD EUVD-2021-9817

CWE

CWE-522

Status published

Products (3)

rockwellautomation/factorytalk_services_platform 2.10

rockwellautomation/rslogix_5000 16 - 20

rockwellautomation/studio_5000_logix_designer 21.0

Published Mar 03, 2021

KEV Added Mar 05, 2026

Tracked Since Feb 18, 2026