A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) The flaw may allow an attacker to discover the cryptographic key used to verify communication between Rockwell Logix controllers and engineering stations. The vulnerability has been independently discovered by Claroty, Kaspersky Lab, and researchers from South Korea’s Soonchunhyang University’s Lab of Information Systems Security Assurance.
Source: https://www.helpnetsecurity.com/2021/03/01/cve-2021-22681/