Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Permission Assignment...

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Description

Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a telnet-based service on port 23 to allow management operations such as
firmware upgrades and device reboots, which require authentication. A
user with protected privileges can successfully invoke the
SetSystemConfig functionality to modify relevant device properties (such
as network settings), contradicting the security model proposed in the
user manual.

Basic Information

ID CVE-2025-52873

Source icscert

Published Sep 18, 2025 at 21:22

Affected Product

Vendor Cognex

Product In-Sight 2000 series

Version 5.x

Affected Versions Cognex In-Sight 2000 series 5.x
Cognex In-Sight 7000 series 5.x
Cognex In-Sight 8000 series 5.x
Cognex In-Sight 9000 series 5.x
Cognex In-Sight Explorer 5.x

CWE Classification

CWE-732

References

www.cisa.gov /news-events/ics-advisories/icsa-25-261-06

{
    "lastseen": "",
    "description": "Cognex In-Sight Explorer and In-Sight Camera Firmware expose \na telnet-based service on port 23 to allow management operations such as\n firmware upgrades and device reboots, which require authentication. A \nuser with protected privileges can successfully invoke the \nSetSystemConfig functionality to modify relevant device properties (such\n as network settings), contradicting the security model proposed in the \nuser manual.",
    "published": "2025-09-18T21:22:38.150Z",
    "modified": "2025-09-18T21:22:38.150Z",
    "type": "cve",
    "title": "Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Permission Assignment for Critical Resource",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06",
    "id": "CVE-2025-52873",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Cognex In-Sight 2000 series 5.x\nCognex In-Sight 7000 series 5.x\nCognex In-Sight 8000 series 5.x\nCognex In-Sight 9000 series 5.x\nCognex In-Sight Explorer 5.x",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "In-Sight 2000 series",
    "version": "5.x",
    "vendor": "Cognex",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Permission Assignment for Critical Resource_CVE-2025-52873