Improper Output Neutralization for Logs in 3D-A1000 Dimensioning System

#VU67058 Improper Output Neutralization for Logs in 3D-A1000 Dimensioning System

Published: 2022-09-07

Vulnerability identifier: #VU67058

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1522

CWE-ID: CWE-117

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
3D-A1000 Dimensioning System
Hardware solutions / Security hardware applicances

Vendor: Cognex Corporation

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to improper output neutralization for logs. A remote attacker can create false logs that show the password as having been changed when it is not, complicating forensics.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

3D-A1000 Dimensioning System: 1.0.3 3354

External links
http://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cognex 3D-A1000 Dimensioning System