CISA Adds Two Critical Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two critical-severity vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, citing evidence of active exploitation. One of the flaws, CVE-2017-7921 (CVSS score: 9.8), affects Hikvision products and involves an improper authentication vulnerability. The second flaw impacts Rockwell Automation products, though its CVE identifier was not fully disclosed in the provided text. Both vulnerabilities are classified as critical and have been actively exploited in the wild. The addition to the KEV catalog signals a heightened risk requiring immediate attention from affected organizations.