CVE-2025-54497
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSerialPort functionality to modify relevant device properties (such as serial interface settings), contradicting the security model proposed in the user manual.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cognex | In-Sight 2000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 7000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 8000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 9000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight Explorer | 5.x <= 6.5.1 | affected |
Weaknesses
- CWE-732: CWE-732
Workarounds
Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.