CVE-2025-54810
published 2025-09-18CVE-2025-54810: Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system…
PriorityP344high8CVSS 3.1
AVAACLPRNUIRSUCHIHAH
EPSS
0.18%
8.2th percentile
Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a proprietary protocol on TCP port 1069 to perform management operations
such as modifying system properties. The user management functionality
handles sensitive data such as registered usernames and passwords over
an unencrypted channel, allowing an adjacent attacker to intercept valid
credentials to gain access to the device.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cognex | in-sight_2000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_7000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_8000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_9000_series | 5.x – 6.5.1 | — |
| cognex | in-sight_explorer | 5.x – 6.5.1 | — |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv4.08.6HIGHCVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Cognex In-Sight Explorer and In-Sight Camera Firmware
cisa_ics·2025-09-18·CVSS 8.0
[HIGH] Cognex In-Sight Explorer and In-Sight Camera Firmware
ICS Advisory
##
Cognex In-Sight Explorer and In-Sight Camera Firmware
Release DateSeptember 18, 2025
Alert CodeICSA-25-261-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Cognex
- Equipment: In-Sight Explorer, In-Sight Camera Firmware
- Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Information, Incorrect Default Permissions, Improper Restriction of Excessive Authentication Attempts, Incorrect Permission Assignment for Critical Resource, Authentication Bypass by Capture-replay, Client-Side Enforcement of Server-Side Security
## 2. RISK EVALUATION
Successful exploitati
GHSA
GHSA-cr6h-4367-m34r: Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a proprietary protocol on TCP port 1069 to perform management operations
such as modifyi
ghsa_unreviewed·2025-09-19
CVE-2025-54810 [HIGH] CWE-294 GHSA-cr6h-4367-m34r: Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a proprietary protocol on TCP port 1069 to perform management operations
such as modifyi
Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a proprietary protocol on TCP port 1069 to perform management operations
such as modifying system properties. The user management functionality
handles sensitive data such as registered usernames and passwords over
an unencrypted channel, allowing an adjacent attacker to intercept valid
credentials to gain access to the device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-18
Published