| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2025-54754, CVE-2025-47698, CVE-2025-53947, CVE-2025-54860, CVE-2025-52873, CVE-2025-54497, CVE-2025-54818, CVE-2025-54810, CVE-2025-53969 |
| CWE-ID | CWE-259, CWE-319, CWE-276, CWE-307, CWE-732, CWE-294, CWE-602 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software | In-Sight Explorer (Hardware solutions / Firmware), In-Sight 2000 series (Hardware solutions / Firmware), In-Sight 7000 series (Hardware solutions / Firmware), In-Sight 8000 series (Hardware solutions / Firmware), In-Sight 9000 series (Hardware solutions / Firmware) |
| Vendor | Cognex Corporation |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU116025
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-54754
CWE-ID:
CWE-259 - Use of Hard-coded Password
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the use of a hard-coded password. A remote attacker on the local network can retrieve a hard-coded password embedded in publicly available software.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116026
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-47698
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116027
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-53947
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
Description
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user can corrupt sensitive data and modify the data folder's content.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116028
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-54860
CWE-ID:
CWE-307 - Improper Restriction of Excessive Authentication Attempts
Exploit availability: No
Description
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists because the affected module does not limit the number of password attempts. A local user can perform a brute-force attack and cause a denial of service (DoS) on the system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116029
Risk: Medium
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-52873
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to incorrect permission assignment for a critical resource. A remote user can invoke the SetSystemConfig functionality to modify relevant device properties.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116031
Risk: Medium
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-54497
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to incorrect permission assignment for a critical resource. A remote user can invoke the SetSerialPort functionality to modify relevant device properties.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116033
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-54818
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information within the user management functionality. A remote attacker with the ability to intercept network traffic can gain access to the target device.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116034
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-54810
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can capture the encrypted password, perform a replay attack and gain unauthorized access to the target device.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU116035
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-53969
CWE-ID:
CWE-602 - Client-Side Enforcement of Server-Side Security
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient client-side validation. A remote user on the local network can perform management operations such as changing network settings or modifying users' access to the device.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: 6.5.1 and previous versions
In-Sight 2000 series: 6.5.1 and previous versions
In-Sight 7000 series: 6.5.1 and previous versions
In-Sight 8000 series: 6.5.1 and previous versions
In-Sight 9000 series: 6.5.1 and previous versions
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.