Vulnerabilities > Cognex > 3D A1000 Dimensioning System Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-1368 | Unspecified vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. | 9.8 |
| 2022-09-06 | CVE-2022-1522 | Unspecified vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. | 5.3 |
| 2022-09-06 | CVE-2022-1525 | Unspecified vulnerability in Cognex 3D-A1000 Dimensioning System Firmware 1.0.3(3354) The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. | 9.1 |