CVE-2025-54497
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-19
Assigner: ICS-CERT
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cognex | in-sight_explorer | * |
| cognex | in-sight_camera | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Cognex In-Sight Explorer and In-Sight Camera Firmware, which expose a telnet-based service on port 23 for management operations like firmware upgrades and device reboots that require authentication. However, a user with protected privileges can exploit the SetSerialPort functionality to modify device properties such as serial interface settings, which goes against the intended security model described in the user manual.
How can this vulnerability impact me?
An attacker or user with protected privileges could modify critical device properties, potentially leading to unauthorized changes in device behavior or configuration. This could disrupt device operations, compromise device integrity, or enable further attacks on the system relying on the device.