Vulnerabilities > Cognex
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-06 | CVE-2022-1368 | Unspecified vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. | 9.8 |
2022-09-06 | CVE-2022-1522 | Unspecified vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. | 5.3 |
2022-09-06 | CVE-2022-1525 | Unspecified vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. | 9.1 |
2022-05-23 | CVE-2021-32935 | Unspecified vulnerability in Cognex In-Sight OPC Server The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | 9.8 |