CVE-2025-52873
Published: 2025-09-18
Priority: P3 · 53 · High · 8.1 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:H
EPSS: 0.29% (20.9th percentile)
Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a telnet-based service on port 23 to allow management operations such as
firmware upgrades and device reboots, which require authentication. A
user with protected privileges can successfully invoke the
SetSystemConfig functionality to modify relevant device properties (such
as network settings), contradicting the security model proposed in the
user manual.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cognex | in-sight_2000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_7000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_8000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_9000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_explorer | 5.x – 6.5.1 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| nvd | v4.0 | 7.2 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Cognex In-Sight Explorer and In-Sight Camera Firmware
cisa_ics·2025-09-18·CVSS 8.0
[HIGH] Cognex In-Sight Explorer and In-Sight Camera Firmware
ICS Advisory
## Cognex In-Sight Explorer and In-Sight Camera Firmware
Release Date: September 18, 2025
Alert Code: ICSA-25-261-06
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Cognex
- Equipment: In-Sight Explorer, In-Sight Camera Firmware
- Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Information, Incorrect Default Permissions, Improper Restriction of Excessive Authentication Attempts, Incorrect Permission Assignment for Critical Resource, Authentication Bypass by Capture-replay, Client-Side Enforcement of Server-Side Security
## 2. RISK EVALUATION
Successful exploitati
GHSA
ghsa_unreviewed·2025-09-19
CVE-2025-52873 [HIGH] CWE-732 GHSA-922x-wpjc-grx8
Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a telnet-based service on port 23 to allow management operations such as
firmware upgrades and device reboots, which require authentication. A
user with protected privileges can successfully invoke the
SetSystemConfig functionality to modify relevant device properties (such
as network settings), contradicting the security model proposed in the
user manual.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-18
Published