ReportizFlow
Filtered by vendor Cognex
Subscriptions
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54860 | 1 Cognex | 2 In-sight Camera Firmware, In Sight Explorer | 2025-09-19 | 7.7 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service allows a denial-of-service attack, leaving the telnet service into an unreachable state. | ||||
| CVE-2025-53969 | 1 Cognex | 2 In-sight Camera Firmware, In-sight Explorer | 2025-09-19 | 8.8 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer tool, to perform management operations such as changing network settings or modifying users' access to the device. | ||||
| CVE-2025-54497 | 1 Cognex | 2 In-sight Camera Firmware, In-sight Explorer | 2025-09-19 | 8.1 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSerialPort functionality to modify relevant device properties (such as serial interface settings), contradicting the security model proposed in the user manual. | ||||
| CVE-2025-54810 | 1 Cognex | 2 In-sight Camera Firmware, In-sight Explorer | 2025-09-19 | 8 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device. | ||||
| CVE-2025-54818 | 1 Cognex | 2 In-sight Camera Firmware, In-sight Explorer | 2025-09-19 | 8 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device. | ||||
| CVE-2025-52873 | 1 Cognex | 2 In-sight Camera Firmware, In-sight Explorer | 2025-09-19 | 8.1 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSystemConfig functionality to modify relevant device properties (such as network settings), contradicting the security model proposed in the user manual. | ||||
| CVE-2025-54754 | 1 Cognex | 2 In-sight Camera Firmware, In-sight Explorer | 2025-09-19 | 8 High |
| An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device. | ||||
| CVE-2025-53947 | 2 Cognex, Microsoft | 3 In-sight Camera Firmware, In-sight Explorer, Windows | 2025-09-19 | 7.7 High |
| A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content. | ||||
| CVE-2025-47698 | 1 Cognex | 1 In-sight Explorer | 2025-09-19 | N/A |
| An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure. | ||||
| CVE-2021-32935 | 1 Cognex | 1 In-sight Opc Server | 2025-04-16 | 8.8 High |
| The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | ||||
| CVE-2022-1368 | 1 Cognex | 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware | 2025-04-16 | 9.8 Critical |
| The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account. | ||||
| CVE-2022-1522 | 1 Cognex | 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware | 2025-04-16 | 5.3 Medium |
| The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. | ||||
| CVE-2022-1525 | 1 Cognex | 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware | 2025-04-16 | 9.1 Critical |
| The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. | ||||
Page 1 of 1.