CVE-2025-54818
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cognex | In-Sight 2000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 7000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 8000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 9000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight Explorer | 5.x <= 6.5.1 | affected |
Weaknesses
- CWE-319: CWE-319
Workarounds
Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.