CVE-2025-54754
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-19
Assigner: ICS-CERT
Description
Description
An attacker with adjacent access, without authentication, can exploit
this vulnerability to retrieve a hard-coded password embedded in
publicly available software. This password can then be used to decrypt
sensitive network traffic, affecting the Cognex device.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cognex | device | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with adjacent network access, without needing to authenticate, to extract a hard-coded password embedded in publicly available software on a Cognex device. The attacker can then use this password to decrypt sensitive network traffic.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information by allowing an attacker to decrypt network traffic. This compromises the confidentiality, integrity, and availability of the affected Cognex device and its communications.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70