19 matches found
EUVD-2022-24688
Malicious code in bioql PyPI...
EUVD-2022-24823
Malicious code in bioql PyPI...
CVE-2022-1525
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...
CVE-2022-1522
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
CVE-2022-1368
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
CVE-2022-1525
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...
CVE-2022-1522
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
Code injection
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...
Input validation
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
CVE-2022-1525 Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...
CVE-2022-1525
The CVE-2022-1525 entry applies to Cognex 3D-A1000 Dimensioning System firmware 1.0.3 (3354) and earlier. The issue is CWE-602: Client-Side Enforcement of Server-Side Security, where attackers could bypass web access controls by inspecting/modifying the source code of password-protected web eleme...
CVE-2022-1368
The CVE-2022-1368 issue affects Cognex 3D-A1000 Dimensioning System (Firmware 1.0.3 (3354) and earlier). The root cause is CWE-306: Missing Authentication for Critical Function, where unauthorized users can change the operator account password via webserver commands by monitoring WebSocket traffi...
CVE-2022-1368 Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
CVE-2022-1522 Cognex 3D-A1000 Dimensioning System Improper Output Neutralization for Logs
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
CVE-2022-1368 Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
CVE-2022-1522
CVE-2022-1522 affects Cognex 3D-A1000 Dimensioning System firmware 1.0.3 (3354) and earlier. The vulnerability is CWE-117: Improper Output Neutralization for Logs, enabling an attacker to forge log entries that falsely indicate a password change, complicating forensics. Connected advisories confi...
CVE-2022-1525 Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...
PT-2022-4704 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to improper output neutralization for logs, which can be exploited by a remote attacker to create arbitrary log files. This can lead to the...
CISA Releases Five Industrial Control Systems Advisories
CISA has released five Industrial Control Systems ICS advisories on September 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories fo...