Vulnerabilities > Cognex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-1368 | Missing Authentication for Critical Function vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. | 9.8 |
| 2022-09-06 | CVE-2022-1522 | Improper Output Neutralization for Logs vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. | 5.3 |
| 2022-09-06 | CVE-2022-1525 | Client-Side Enforcement of Server-Side Security vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. | 9.1 |
| 2022-05-23 | CVE-2021-32935 | Deserialization of Untrusted Data vulnerability in Cognex In-Sight OPC Server The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | 9.8 |