Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

Summary

CISA has added two critical vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion is due to evidence of active exploitation of these flaws. One of the vulnerabilities, CVE-2017-7921, has a CVSS score of 9.8 and is an improper authentication vulnerability.

IFF Assessment

FOE

The inclusion of actively exploited critical vulnerabilities in the KEV catalog indicates that attackers are currently leveraging these weaknesses, posing an immediate threat to organizations that use the affected products.

Severity

9.8 Critical

Defender Context

Organizations using Hikvision or Rockwell Automation products should prioritize patching or mitigating CVE-2017-7921 and any other vulnerabilities added to the KEV catalog. The presence of actively exploited critical flaws necessitates rapid response to prevent potential compromise and data loss.
