CVE-2025-54810
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-19
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cognex | in-sight_explorer | * |
| cognex | in-sight_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Cognex In-Sight Explorer and In-Sight Camera Firmware exposing a proprietary protocol on TCP port 1069 that is used for management operations, including modifying system properties. The user management functionality transmits sensitive data such as registered usernames and passwords over an unencrypted channel. This allows an adjacent attacker to intercept valid credentials and gain unauthorized access to the device.
How can this vulnerability impact me? :
An attacker who is adjacent to the vulnerable device can intercept unencrypted credentials transmitted over the network, allowing them to gain unauthorized access to the device. This can lead to full compromise of the device, including the ability to modify system properties, which may result in loss of confidentiality, integrity, and availability of the device and its data.