CVE-2025-54818
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-19
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cognex | in-sight_explorer | * |
| cognex | in-sight_camera | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Cognex In-Sight Explorer and In-Sight Camera Firmware, where a proprietary protocol on TCP port 1069 is used for management operations like modifying system properties. The user management functionality transmits sensitive data such as registered usernames and passwords over an unencrypted channel, which allows an adjacent attacker to intercept valid credentials and gain unauthorized access to the device.
How can this vulnerability impact me? :
An attacker who is adjacent to the vulnerable device can intercept unencrypted credentials transmitted over the network, allowing them to gain unauthorized access to the device. This can lead to full compromise of the device, including the ability to modify system properties, potentially causing confidentiality, integrity, and availability impacts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by scanning your network for devices exposing TCP port 1069, which is used by Cognex In-Sight Explorer and In-Sight Camera Firmware for management operations. Using network scanning tools like nmap, you can run commands such as: nmap -p 1069 <target-ip-range> to identify devices with this port open. Additionally, monitoring network traffic for unencrypted transmissions on port 1069 may help detect attempts to exploit the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to TCP port 1069 to trusted hosts only, such as by implementing firewall rules or network segmentation to prevent adjacent attackers from accessing this port. Additionally, monitor and limit exposure of devices running Cognex In-Sight Explorer and In-Sight Camera Firmware to untrusted networks. Applying any available firmware updates or patches from the vendor is also recommended once available.