CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1368 – Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2022-1368
06 Sep 2022 — The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account. Cognex 3D-A1000 Dimensioning System en versión de firmware 1.0.3 (3354) y anteriores, es vulne... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1522 – Cognex 3D-A1000 Dimensioning System Improper Output Neutralization for Logs
https://notcve.org/view.php?id=CVE-2022-1522
06 Sep 2022 — The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. Cognex 3D-A1000 Dimensioning System en versión de firmware 1.0.3 (3354) y anteriores, es vulnerable a CWE-117: Neutralización Inadecuada de la Salida de los Registros, que permite a un atacante crear registros falsos que muestren ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1525 – Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security
https://notcve.org/view.php?id=CVE-2022-1525
06 Sep 2022 — The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. Cognex 3D-A1000 Dimensioning System en versión de firmware 1.0.3 (3354) y anteriores es vulnerable a CWE-602: Aplicación de la Seguridad del Lado del Cliente al Lado del Servidor, que podría permitir a atacantes omit... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-32935 – Cognex In-Sight OPC Server - Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2021-32935
23 May 2022 — The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. El producto de Cognex afectado, el servidor In-Sight OPC versión v5.7.4 (96) y anteriores, de serializa datos que no son confiables, lo que podría permitir a un atacante remoto acceder a comandos de permisos a nivel del sistema y escalar privilegios locales • https://www.cisa.gov/uscert/ics/advisories/icsa-21-224-01 • CWE-502: Deserialization of Untrusted Data •