CVE-2022-1368

CRITICAL

Cognex 3D-A1000 Dimensioning System Firmware < 1.0.3(3354) - Unauthenticated Password Change via WebSocket Monitoring

Title source: llm

Description

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03

Scores

CVSS v3: 9.8
EPSS: 0.0078
EPSS Percentile: 51.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-306
Status: published
Products (1)
cognex/3d-a1000_dimensioning_system_firmware < 1.0.3\(3354\)
Published: Sep 06, 2022
Tracked Since: Feb 18, 2026