CVE-2025-54860

Summary

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service allows a denial-of-service attack, leaving the telnet service into an unreachable state.

Affected Software

VendorProductVersion RangeStatus
CognexIn-Sight 2000 series5.x <= 6.5.1affected
CognexIn-Sight 7000 series5.x <= 6.5.1affected
CognexIn-Sight 8000 series5.x <= 6.5.1affected
CognexIn-Sight 9000 series5.x <= 6.5.1affected
CognexIn-Sight Explorer5.x <= 6.5.1affected

Weaknesses

  • CWE-307: CWE-307

Workarounds

Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References