A critical-severity vulnerability, CVE-2017-7921, with a CVSS score of 9.8, has been added to the Known Exploited Vulnerabilities (KEV) catalog by the US Cybersecurity and Infrastructure Security Agency (CISA), due to evidence of active exploitation [1]. This improper authentication vulnerability affects Hikvision products, posing a significant risk to users. Another flaw impacting Rockwell Automation products has also been included in the catalog. The addition of these vulnerabilities to the KEV catalog indicates that they are being actively exploited by threat actors, making them a high priority for remediation. CISA's decision to include these vulnerabilities in the catalog is based on credible evidence of exploitation, highlighting the need for immediate attention from security teams. The active exploitation of CVE-2017-7921 underscores the importance of prompt patching or monitoring, and security practitioners should treat addressing this vulnerability as a critical concern to prevent potential breaches.
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
⚠️ Critical Alert
Why This Matters
CVE-2017-7921 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, March 6). Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog. *The Hacker News*. https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html
Original Source
The Hacker News