CRITICAL🇵🇱 Wersja polska

CVE-2022-1368

CVSS 9.8v3.1pub. 2022-09-06upd. 2024-11-21

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cognex 3d A1000 Dimensioning System

    HW
    Cognex
    wszystkie wersje
  • Cognex 3d A1000 Dimensioning System Firmware

    OS
    Cognex
    ≤ 1.0.3\(3354\)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2022-1525CRITICAL9.1ten sam produkt

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: C...

CVE-2022-1522MEDIUM5.3ten sam produkt

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: I...

CVE-2021-32935HIGH8.8ten sam vendor

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted da...