Cognex In-Sight Products Hard-Coded Password Vulnerability Allowing Decryption of Sensitive Traffic
Vulnerability
A vulnerability exists in Cognex In-Sight 2000, 7000, 8000, and 9000 series products, as well as In-Sight Explorer, all running versions 5.x up to and including 6.5.1. This vulnerability allows an adjacent attacker, without authentication, to extract a hard-coded password from publicly available software. This password can be used to decrypt sensitive network traffic, impacting the affected Cognex device.
Impact
Exploitation of this vulnerability could lead to the interception and decryption of sensitive network traffic, allowing unauthorized access to information or functionalities on the affected Cognex device.
Remediation
Cognex advises users to transition to next-generation In-Sight Vision Suite-based systems, such as the In-Sight 2800, 3800, or 8900 series embedded cameras. For additional guidance, refer to the CISA ICS webpage and the technical information paper ICS-TIP-12-146-01B.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.