CVE-2025-54810

Summary

Cognex In-Sight Explorer and In-Sight Camera Firmware expose

a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.

Affected Software

VendorProductVersion RangeStatus
CognexIn-Sight 2000 series5.x <= 6.5.1affected
CognexIn-Sight 7000 series5.x <= 6.5.1affected
CognexIn-Sight 8000 series5.x <= 6.5.1affected
CognexIn-Sight 9000 series5.x <= 6.5.1affected
CognexIn-Sight Explorer5.x <= 6.5.1affected

Weaknesses

  • CWE-294: CWE-294

Workarounds

Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References