cbcvebase.

Cognex 3D-A1000 Dimensioning System vulnerabilities

3 known vulnerabilities affecting cognex/3d-a1000_dimensioning_system.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-1368P2CRITICALCVSS 9.8≥ all, ≤ 1.0.3 (3354)2022-09-06
CVE-2022-1368 [CRITICAL] CWE-306 CVE-2022-1368: The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker
nvd
CVE-2022-1525P3CRITICALCVSS 9.1≥ all, ≤ 1.0.3 (3354)2022-09-06
CVE-2022-1525 [CRITICAL] CWE-602 CVE-2022-1525: The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements.
nvd
CVE-2022-1522P4MEDIUMCVSS 5.3≥ all, ≤ 1.0.3 (3354)2022-09-06
CVE-2022-1522 [MEDIUM] CWE-117 CVE-2022-1522: The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics.
nvd
Cognex 3D-A1000 Dimensioning System vulnerabilities | cvebase