#VU116033 Cleartext transmission of sensitive information in Cognex Corporation products - CVE-2025-54818
Vulnerability identifier: #VU116033
Vulnerability risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-319
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
In-Sight Explorer
Hardware solutions /
Firmware
In-Sight 2000 series
Hardware solutions /
Firmware
In-Sight 7000 series
Hardware solutions /
Firmware
In-Sight 8000 series
Hardware solutions /
Firmware
In-Sight 9000 series
Hardware solutions /
Firmware
Vendor: Cognex Corporation
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information within the user management functionality. A remote attacker with ability to intercept network traffic can gain access to the target device.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: - - 6.5.1
In-Sight 2000 series: - - 6.5.1
In-Sight 7000 series: - - 6.5.1
In-Sight 8000 series: - - 6.5.1
In-Sight 9000 series: - - 6.5.1
External links
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
