Max level vulnerability found in Logix PLCs

A new vulnerability discovered in various Rockwell Automation programmable logic controllers (PLC) has received a 10 out of 10 risk score, the highest possible on the CVSS vulnerability scale.

The new vulnerability is being tracked as CVE-2021-22681. Attackers can abuse this flaw in the Logix Designer 5000 software to gain the secret cryptographic key, which is used to establish a secure connection between the PLC and the engineering station. The keys are baked into the hardware so they cannot be changed by the operator.

Once obtained, the key can be used to bypass verification systems, giving the attacker unrestricted access to the engineering systems. The attacker can then remotely install malware onto the afflicted devices to sabotage the manufacturing process.

From IT World Canada:

VMware’s code-execution flaw has a severity rating of 9.8 out of 10


The Industrial Control System Cyber Emergency Response Team wrote in an advisory that this vulnerability requires low skill to execute.

Although the flaw was publicly disclosed on Feb. 25, Rockwell Automation had known about the flaw since it was first discovered by cybersecurity firm Claroty in 2019.

No patch is currently available. In the meantime, Rockwell Automation recommends setting the controllers to “run” mode and segment the devices’ networks. It also urges operators to keep their security suites up to date.

To track if an attack has occurred, Rockwell Automation suggests monitoring the controller’s changelog and Logix Designer’s Change Detection feature.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also has a page set up for control systems security recommended practices.

Affected PLCs include:

  • CompactLogix 1768
  • CompactLogix 1769
  • CompactLogix 5370
  • CompactLogix 5380
  • CompactLogix 5480
  • ControlLogix 5550
  • ControlLogix 5560
  • ControlLogix 5570
  • ControlLogix 5580
  • DriveLogix 5560
  • DriveLogix 5730
  • DriveLogix 1794-L34
  • Compact GuardLogix 5370
  • Compact GuardLogix 5380
  • GuardLogix 5570
  • GuardLogix 5580
  • SoftLogix 5800

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Tom Li
Tom Li
Telecommunication and consumer hardware are Tom's main beats at Channel Daily News. He loves to talk about Canada's network infrastructure, semiconductor products, and of course, anything hot and new in the consumer technology space. You'll also occasionally see his name appended to articles on cloud, security, and SaaS-related news. If you're ever up for a lengthy discussion about the nuances of each of the above sectors or have an upcoming product that people will love, feel free to drop him a line at [email protected].

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.