#VU67057 Missing Authentication for Critical Function in 3D-A1000 Dimensioning System - CVE-2022-1368

 


Published: September 7, 2022


Vulnerability identifier: #VU67057
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-1368
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
3D-A1000 Dimensioning System
Software vendor:
Cognex Corporation

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to missing authentication for a critical function. By monitoring web socket communications from an unauthenticated session, a remote attacker can change the operator account password via webserver commands and gain elevated privileges on the target system.


Remediation

Install updates from the vendor's website.
