CISA Flags Active Exploitation of Critical Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency added two security vulnerabilities to its Known Exploited Vulnerabilities catalog on March 6, 2026. The agency cited evidence of active exploitation targeting Hikvision and Rockwell Automation products in enterprise environments.
CVE-2017-7921, an improper authentication vulnerability in Hikvision devices, is the more severe of the two flaws, with a CVSS score of 9.8. The second vulnerability affects Rockwell Automation systems, though specific technical details weren't disclosed in the initial advisory.
Industrial and Surveillance Systems at Risk
Organizations using Hikvision surveillance equipment and Rockwell Automation industrial control systems face immediate exposure. The vulnerabilities affect multiple product lines across both vendors' portfolios.
Critical infrastructure operators, manufacturing facilities, and enterprises with IP camera deployments are the primary targets for these actively exploited flaws.
Federal Agencies Must Patch by March 27
CISA's KEV listing mandates federal agencies patch these vulnerabilities by March 27, 2026. Private sector organizations should prioritize immediate remediation given the confirmed active exploitation.
The improper authentication flaw in CVE-2017-7921 allows attackers to bypass security controls and gain unauthorized access to affected Hikvision devices. Organizations should review their network segmentation and access controls while applying vendor patches.




