Vulnerability-Lookup

CVE-2025-53969 (GCVE-0-2025-53969)

Vulnerability from cvelistv5 – Published: 2025-09-18 21:30 – Updated: 2025-09-19 13:10

Title

Cognex In-Sight Explorer and In-Sight Camera Firmware Client-Side Enforcement of Server-Side Security

Summary

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer tool, to perform management operations such as changing network settings or modifying users' access to the device.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-602

Assigner

icscert

References

1 reference

URL	Tags
https://www.cisa.gov/news-events/ics-advisories/i…

Impacted products

5 products

Vendor	Product	Version
Cognex	In-Sight 2000 series	Affected: 5.x , ≤ 6.5.1 (custom)
Cognex	In-Sight 7000 series	Affected: 5.x , ≤ 6.5.1 (custom)
Cognex	In-Sight 8000 series	Affected: 5.x , ≤ 6.5.1 (custom)
Cognex	In-Sight 9000 series	Affected: 5.x , ≤ 6.5.1 (custom)
Cognex	In-Sight Explorer	Affected: 5.x , ≤ 6.5.1 (custom)

Credits

Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T13:10:53.059220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T13:10:58.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 2000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 7000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 8000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 9000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight Explorer",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cognex In-Sight Explorer and In-Sight Camera Firmware expose \na service implementing a proprietary protocol on TCP port 1069 to allow \nthe client-side software, such as the In-Sight Explorer tool, to perform\n management operations such as changing network settings or modifying \nusers\u0027 access to the device."
            }
          ],
          "value": "Cognex In-Sight Explorer and In-Sight Camera Firmware expose \na service implementing a proprietary protocol on TCP port 1069 to allow \nthe client-side software, such as the In-Sight Explorer tool, to perform\n management operations such as changing network settings or modifying \nusers\u0027 access to the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-602",
              "description": "CWE-602",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T21:30:45.520Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06"
        }
      ],
      "source": {
        "advisory": "ICSA-25-261-06",
        "discovery": "EXTERNAL"
      },
      "title": "Cognex In-Sight Explorer and In-Sight Camera Firmware Client-Side Enforcement of Server-Side Security",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cognex reports that In-Sight Explorer based vision systems are legacy \nproducts not intended for new applications. To reduce risk, asset owners\n are advised to switch to next generation In-Sight Vision Suite based \nvision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 \nseries embedded cameras.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Cognex reports that In-Sight Explorer based vision systems are legacy \nproducts not intended for new applications. To reduce risk, asset owners\n are advised to switch to next generation In-Sight Vision Suite based \nvision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 \nseries embedded cameras."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-53969",
    "datePublished": "2025-09-18T21:30:45.520Z",
    "dateReserved": "2025-08-06T16:32:41.324Z",
    "dateUpdated": "2025-09-19T13:10:58.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-53969",
      "date": "2026-05-12",
      "epss": "0.00062",
      "percentile": "0.19172"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-53969\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2025-09-18T22:15:44.363\",\"lastModified\":\"2025-09-19T16:00:27.847\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cognex In-Sight Explorer and In-Sight Camera Firmware expose \\na service implementing a proprietary protocol on TCP port 1069 to allow \\nthe client-side software, such as the In-Sight Explorer tool, to perform\\n management operations such as changing network settings or modifying \\nusers\u0027 access to the device.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-602\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53969\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-19T13:10:53.059220Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-19T13:10:55.408Z\"}}], \"cna\": {\"title\": \"Cognex In-Sight Explorer and In-Sight Camera Firmware Client-Side Enforcement of Server-Side Security\", \"source\": {\"advisory\": \"ICSA-25-261-06\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.6, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Cognex\", \"product\": \"In-Sight 2000 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Cognex\", \"product\": \"In-Sight 7000 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Cognex\", \"product\": \"In-Sight 8000 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Cognex\", \"product\": \"In-Sight 9000 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Cognex\", \"product\": \"In-Sight Explorer\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Cognex reports that In-Sight Explorer based vision systems are legacy \\nproducts not intended for new applications. To reduce risk, asset owners\\n are advised to switch to next generation In-Sight Vision Suite based \\nvision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 \\nseries embedded cameras.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cognex reports that In-Sight Explorer based vision systems are legacy \\nproducts not intended for new applications. To reduce risk, asset owners\\n are advised to switch to next generation In-Sight Vision Suite based \\nvision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 \\nseries embedded cameras.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cognex In-Sight Explorer and In-Sight Camera Firmware expose \\na service implementing a proprietary protocol on TCP port 1069 to allow \\nthe client-side software, such as the In-Sight Explorer tool, to perform\\n management operations such as changing network settings or modifying \\nusers\u0027 access to the device.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cognex In-Sight Explorer and In-Sight Camera Firmware expose \\na service implementing a proprietary protocol on TCP port 1069 to allow \\nthe client-side software, such as the In-Sight Explorer tool, to perform\\n management operations such as changing network settings or modifying \\nusers\u0027 access to the device.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-602\", \"description\": \"CWE-602\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2025-09-18T21:30:45.520Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-53969\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-19T13:10:58.750Z\", \"dateReserved\": \"2025-08-06T16:32:41.324Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2025-09-18T21:30:45.520Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-CW2C-4C8R-3M6V

Vulnerability from github – Published: 2025-09-19 00:30 – Updated: 2025-09-19 00:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 (High)


                  
                    CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-53969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-602"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T22:15:44Z",
    "severity": "HIGH"
  },
  "details": "Cognex In-Sight Explorer and In-Sight Camera Firmware expose \na service implementing a proprietary protocol on TCP port 1069 to allow \nthe client-side software, such as the In-Sight Explorer tool, to perform\n management operations such as changing network settings or modifying \nusers\u0027 access to the device.",
  "id": "GHSA-cw2c-4c8r-3m6v",
  "modified": "2025-09-19T00:30:58Z",
  "published": "2025-09-19T00:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53969"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-53969

Vulnerability from fkie_nvd - Published: 2025-09-18 22:15 - Updated: 2026-04-15 00:35

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cognex In-Sight Explorer and In-Sight Camera Firmware expose \na service implementing a proprietary protocol on TCP port 1069 to allow \nthe client-side software, such as the In-Sight Explorer tool, to perform\n management operations such as changing network settings or modifying \nusers\u0027 access to the device."
    }
  ],
  "id": "CVE-2025-53969",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-18T22:15:44.363",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-602"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    }
  ]
}

ICSA-25-261-06

Vulnerability from csaf_cisa - Published: 2025-09-18 06:00 - Updated: 2025-09-18 06:00

Summary

Cognex In-Sight Explorer and In-Sight Camera Firmware

Notes

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, steal credentials, modify files, or cause a denial-of-service condition.

Critical infrastructure sectors: Critical Manufacturing

Countries/areas deployed: Worldwide

Company headquarters location: United States

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices: Do not click web links or open attachments in unsolicited email messages.

Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

CVE-2025-54754

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-259 - Use of Hard-coded Password

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-47698

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-319 - Cleartext Transmission of Sensitive Information

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-53947

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-276 - Incorrect Default Permissions

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-54860

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-52873

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-54497

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-54818

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-319 - Cleartext Transmission of Sensitive Information

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-54810

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-294 - Authentication Bypass by Capture-replay

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

CVE-2025-53969

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-602 - Client-Side Enforcement of Server-Side Security

Affected products

Known affected 5 products

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

References

27 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://www.cisa.gov/uscert/sites/default/files/p…	external
https://www.cisa.gov/uscert/ncas/tips/ST04-014	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
https://www.cve.org/CVERecord?id=CVE-2025-54754	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://www.first.org/cvss/calculator/4.0#CVSS:4.…	external
https://www.cve.org/CVERecord?id=CVE-2025-47698	external
https://www.cve.org/CVERecord?id=CVE-2025-53947	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://www.first.org/cvss/calculator/4.0#CVSS:4.…	external
https://www.cve.org/CVERecord?id=CVE-2025-54860	external
https://www.cve.org/CVERecord?id=CVE-2025-52873	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://www.first.org/cvss/calculator/4.0#CVSS:4.…	external
https://www.cve.org/CVERecord?id=CVE-2025-54497	external
https://www.cve.org/CVERecord?id=CVE-2025-54818	external
https://www.cve.org/CVERecord?id=CVE-2025-54810	external
https://www.cve.org/CVERecord?id=CVE-2025-53969	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://www.first.org/cvss/calculator/4.0#CVSS:4.…	external

Acknowledgments

Nozomi Networks Diego Giubertoni

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Diego Giubertoni"
        ],
        "organization": "Nozomi Networks",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, steal credentials, modify files, or cause a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-261-06 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-261-06.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-25-261-06 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Cognex In-Sight Explorer and In-Sight Camera Firmware",
    "tracking": {
      "current_release_date": "2025-09-18T06:00:00.000000Z",
      "generator": {
        "date": "2025-09-18T17:42:58.536708Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-25-261-06",
      "initial_release_date": "2025-09-18T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2025-09-18T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=5.x|\u003c=6.5.1",
                "product": {
                  "name": "Cognex In-Sight 2000 series: \u003e=5.x|\u003c=6.5.1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "In-Sight 2000 series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=5.x|\u003c=6.5.1",
                "product": {
                  "name": "Cognex In-Sight 7000 series: \u003e=5.x|\u003c=6.5.1",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "In-Sight 7000 series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=5.x|\u003c=6.5.1",
                "product": {
                  "name": "Cognex In-Sight 8000 series: \u003e=5.x|\u003c=6.5.1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "In-Sight 8000 series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=5.x|\u003c=6.5.1",
                "product": {
                  "name": "Cognex In-Sight 9000 series: \u003e=5.x|\u003c=6.5.1",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "In-Sight 9000 series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=5.x|\u003c=6.5.1",
                "product": {
                  "name": "Cognex In-Sight Explorer: \u003e=5.x|\u003c=6.5.1",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "In-Sight Explorer"
          }
        ],
        "category": "vendor",
        "name": "Cognex"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-54754",
      "cwe": {
        "id": "CWE-259",
        "name": "Use of Hard-coded Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54754"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-47698",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47698"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-53947",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53947"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-54860",
      "cwe": {
        "id": "CWE-307",
        "name": "Improper Restriction of Excessive Authentication Attempts"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device exposes a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service causes a DoS attack, leaving the telnet service into an unreachable state.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54860"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-52873",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device exposes a Telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSystemConfig functionality to modify relevant device properties (such as network settings), contradicting the security model proposed in the user manual.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52873"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-54497",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device exposes a Telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSerialPort functionality to modify relevant device properties (such as serial interface settings), contradicting the security model proposed in the user manual.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54497"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-54818",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device exposes a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54818"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-54810",
      "cwe": {
        "id": "CWE-294",
        "name": "Authentication Bypass by Capture-replay"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device exposes three protocols that require user authentication to be accessible, which share the same authentication scheme. The authentication mechanism is based on a username and password. Communication occurs over an unencrypted channel, with the password encrypted to mitigate data leakage. However, the same encryption key is repeatedly used across multiple sessions, allowing an attacker monitoring network traffic to capture the encrypted password and carry out a replay attack to gain unauthorized access.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54810"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-53969",
      "cwe": {
        "id": "CWE-602",
        "name": "Client-Side Enforcement of Server-Side Security"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device exposes a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer tool, to perform management operations such as changing network settings or modifying users\u0027 access to the device.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53969"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

Product	Version	Remediation
Cognex In-Sight 2000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 2000 series	>=5.x\|<=6.5.1
Cognex In-Sight 7000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 7000 series	>=5.x\|<=6.5.1
Cognex In-Sight 8000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 8000 series	>=5.x\|<=6.5.1
Cognex In-Sight 9000 series: >=5.x\|<=6.5.1 Cognex / In-Sight 9000 series	>=5.x\|<=6.5.1
Cognex In-Sight Explorer: >=5.x\|<=6.5.1 Cognex / In-Sight Explorer	>=5.x\|<=6.5.1	Vendor Fix

Action not permitted

CVE-2025-53969 (GCVE-0-2025-53969)

GHSA-CW2C-4C8R-3M6V

FKIE_CVE-2025-53969

ICSA-25-261-06

Tags

Sightings

Nomenclature