CVE-2025-54860
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service allows a denial-of-service attack, leaving the telnet service into an unreachable state.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cognex | In-Sight 2000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 7000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 8000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight 9000 series | 5.x <= 6.5.1 | affected |
| Cognex | In-Sight Explorer | 5.x <= 6.5.1 | affected |
Weaknesses
- CWE-307: CWE-307
Workarounds
Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.