Cognex In-Sight Products Incorrect Default Permissions Vulnerability Allowing Data Corruption
Vulnerability
A vulnerability exists in Cognex In-Sight 2000, 7000, 8000, and 9000 series products, as well as In-Sight Explorer, all running versions 5.x up to and including 6.5.1. This vulnerability allows local attackers with low privileges on the Windows system where the software is installed to exploit incorrect default permissions. A data folder is created with weak privileges, enabling any user logged into the Windows system to modify its content and potentially corrupt sensitive data.
Impact
Exploitation of this vulnerability could lead to unauthorized modification of files, allowing for corruption of sensitive information.
Remediation
Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, or In-Sight 8900 series embedded cameras.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.