CRITICAL🇬🇧 English

CVE-2022-1368

CVSS 9.8v3.1pub. 2022-09-06upd. 2024-11-21

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cognex 3d A1000 Dimensioning System

    HW
    Cognex
    wszystkie wersje
  • Cognex 3d A1000 Dimensioning System Firmware

    OS
    Cognex
    ≤ 1.0.3\(3354\)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2022-1525CRITICAL9.1ten sam produkt

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: C...

CVE-2022-1522MEDIUM5.3ten sam produkt

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: I...

CVE-2021-32935HIGH8.8ten sam vendor

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted da...

CVE-2022-1368 — CRITICAL 9.8 | CVEbaza.pl