Cognex In-Sight Products Cleartext Transmission of User-Credentials Vulnerability
Vulnerability
A vulnerability exists in multiple Cognex In-Sight products, including the In-Sight 2000, 7000, 8000, and 9000 series, as well as In-Sight Explorer, all running versions 5.x prior to 6.5.1. Because sensitive information is transmitted in cleartext during the firmware upgrade process, an unauthenticated adjacent attacker can intercept user-privileged credentials.
Impact
Successful exploitation allows adjacent attackers to retrieve user-privileged credentials, which could be used to gain unauthorized access to the device or its functions.
Remediation
Cognex advises users to switch to next-generation In-Sight Vision Suite-based systems, such as the In-Sight 2800, 3800, or 8900 series embedded cameras. For additional guidance, refer to the CISA ICS webpage and the technical information paper ICS-TIP-12-146-01B.
