Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by...

8 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Cognex In-Sight Explorer and In-Sight Camera Firmware expose

a proprietary protocol on TCP port 1069 to perform management operations
such as modifying system properties. The user management functionality
handles sensitive data such as registered usernames and passwords over
an unencrypted channel, allowing an adjacent attacker to intercept valid
credentials to gain access to the device.

Basic Information

ID CVE-2025-54810

Source icscert

Published Sep 18, 2025 at 21:28

Affected Product

Vendor Cognex

Product In-Sight 2000 series

Version 5.x

Affected Versions Cognex In-Sight 2000 series 5.x
Cognex In-Sight 7000 series 5.x
Cognex In-Sight 8000 series 5.x
Cognex In-Sight 9000 series 5.x
Cognex In-Sight Explorer 5.x

CWE Classification

CWE-294

References

www.cisa.gov /news-events/ics-advisories/icsa-25-261-06

{
    "lastseen": "",
    "description": "Cognex In-Sight Explorer and In-Sight Camera Firmware expose \n\na proprietary protocol on TCP port 1069 to perform management operations\n such as modifying system properties. The user management functionality \nhandles sensitive data such as registered usernames and passwords over \nan unencrypted channel, allowing an adjacent attacker to intercept valid\n credentials to gain access to the device.",
    "published": "2025-09-18T21:28:19.297Z",
    "modified": "2025-09-18T21:28:19.297Z",
    "type": "cve",
    "title": "Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06",
    "id": "CVE-2025-54810",
    "bulletinFamily": "",
    "cwe": [
        "CWE-294"
    ],
    "cvelist": null,
    "sourceData": "Cognex In-Sight 2000 series 5.x\nCognex In-Sight 7000 series 5.x\nCognex In-Sight 8000 series 5.x\nCognex In-Sight 9000 series 5.x\nCognex In-Sight Explorer 5.x",
    "sourceHref": "",
    "cvss": {
        "score": 8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "In-Sight 2000 series",
    "version": "5.x",
    "vendor": "Cognex",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay_CVE-2025-54810