CVE-2025-54810

HIGH8.6

Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay

Published Sep 18, 2025

Modified 3 months ago

No fix available

Details

Cognex In-Sight Explorer and In-Sight Camera Firmware expose

a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.

References

WEBhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-54810

CVSS Analysis

CVSS v4.0

8.6

Exploitability

Attack Vector

AdjacentAV:A

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

PassiveUI:P

Vulnerable System

Vuln. Confidentiality

HighVC:H

Vuln. Integrity

HighVI:H

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

8.6/CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Weakness Type (CWE)

Other

CWE-294

Ecosystems

Timeline

PublishedSep 18, 2025

ModifiedSep 19, 2025

CVE-2025-54810 | Mondoo Vulnerability Intelligence