CVE-2021-22681

Published: Mar 3, 2021

Modified: Mar 6, 2026

PUBLISHED

Description

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

Vendor	Product	Versions
n/a	Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers	affected `RSLogix 5000 Versions 16 through 20` affected `Studio 5000 Logix Designer: Versions 21 and later` affected `CompactLogix 1768, 1769, 5370, 5380, 5480` affected `ControlLogix 5550, 5560, 5570, 5580` affected `DriveLogix 5560, 5730, 1794-L34` +3 more versions

Weaknesses (CWE)

CWE-522

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-22681

Description

Affected Products

Weaknesses (CWE)

References