No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking
Briefly

"Some of the industrial cameras made by Cognex are affected by potentially serious vulnerabilities, but they will not receive a patch. The cybersecurity agency CISA informed organizations about the vulnerabilities, which impact In-Sight products, with an advisory published on September 18. Cognex, a company based in the United States, designs and manufactures machine vision and barcode scanner solutions for industrial facilities."
"Nine vulnerabilities have been found to affect In-Sight 2000, 7000, 8000, and 9000 vision systems and the In-Sight Explorer client software that provides the interface for accessing devices. Nozomi has conducted its tests on a Cognex IS2000M-120 camera. The list of flaws includes hardcoded password, cleartext transmission of sensitive information, incorrect default permission, DoS, privilege escalation, and authentication bypass weaknesses. A majority have been assigned a 'high severity' rating."
Several Cognex In-Sight industrial cameras (2000, 7000, 8000, 9000) and the In-Sight Explorer client software contain nine vulnerabilities discovered by Nozomi Networks. CISA published an advisory on September 18 and noted that the products are deployed in critical manufacturing. The vulnerabilities include hardcoded credentials, cleartext transmission of sensitive information, incorrect default permissions, denial-of-service, privilege escalation, and authentication bypass; most are rated high severity. Exploitation requires network access to the segment housing the cameras, as the devices are typically in closed environments. No patch will be issued. Nozomi outlined theoretical attack scenarios including MitM interception and attacks against cameras and connected systems.
Read at SecurityWeek