Rewterz

Rewterz Threat Advisory – CVE-2021-1368 – Cisco FXOS and NX-OS Software code execution

February 25, 2021
Rewterz

Rewterz Threat Advisory – CVE-2021-27253 – NETGEAR Nighthawk R7800 buffer overflow

February 26, 2021

Rewterz Threat Advisory – CVE-2021-22681 – ICS: Rockwell Automation Logix Controllers security bypass

Severity

High

Analysis Summary

CVE-2021-22681

Rockwell Automation Logix Controllers could allow a remote attacker to bypass security restrictions, caused by the use of weak key for communication verification. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification mechanism and authenticate with Logix controllers.

Impact

Security bypass

Affected Vendors

Rockwell Automation

Affected Products

Rockwell Automation ControlLogix 5560 controllers

Remediation

Upgrade to the latest version of Logix Controllers, available from the Rockwell Automation advisory along with the affected products.

Rockwell Automation Web site

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.