CVE-2025-52873
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-19
Assigner: ICS-CERT
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cognex | in-sight_camera_firmware | 4.0 |
| cognex | in-sight_explorer | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Cognex In-Sight Explorer and In-Sight Camera Firmware, which expose a telnet-based service on port 23 for management operations like firmware upgrades and device reboots that require authentication. However, a user with protected privileges can exploit the SetSystemConfig functionality to modify important device properties such as network settings, which goes against the intended security model described in the user manual.
How can this vulnerability impact me?
The vulnerability allows a user with protected privileges to change critical device configurations, including network settings, potentially leading to unauthorized device control, disruption of device operations, or exposure to further attacks. This could compromise the security and availability of the affected devices.