#VU116028 Improper Restriction of Excessive Authentication Attempts in Cognex Corporation products - CVE-2025-54860
Vulnerability identifier: #VU116028
Vulnerability risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-307
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
In-Sight Explorer
Hardware solutions /
Firmware
In-Sight 2000 series
Hardware solutions /
Firmware
In-Sight 7000 series
Hardware solutions /
Firmware
In-Sight 8000 series
Hardware solutions /
Firmware
In-Sight 9000 series
Hardware solutions /
Firmware
Vendor: Cognex Corporation
Description
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected module does not limit the number of password attempts. A local user can perform a brute-force attack and perform a denial of service (DoS) attack on the system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: - - 6.5.1
In-Sight 2000 series: - - 6.5.1
In-Sight 7000 series: - - 6.5.1
In-Sight 8000 series: - - 6.5.1
In-Sight 9000 series: - - 6.5.1
External links
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
