#VU116034 Authentication Bypass by Capture-replay in Cognex Corporation products - CVE-2025-54810
Vulnerability identifier: #VU116034
Vulnerability risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-294
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
In-Sight Explorer
Hardware solutions /
Firmware
In-Sight 2000 series
Hardware solutions /
Firmware
In-Sight 7000 series
Hardware solutions /
Firmware
In-Sight 8000 series
Hardware solutions /
Firmware
In-Sight 9000 series
Hardware solutions /
Firmware
Vendor: Cognex Corporation
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can capture the encrypted password, perform the replay attack and gain unauthorized access on the target device.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
In-Sight Explorer: - - 6.5.1
In-Sight 2000 series: - - 6.5.1
In-Sight 7000 series: - - 6.5.1
In-Sight 8000 series: - - 6.5.1
In-Sight 9000 series: - - 6.5.1
External links
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
