18 matches found
EUVD-2022-24820
Malicious code in bioql PyPI...
CVE-2022-1522
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
CVE-2022-1368
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
A vulnerability in the firmware of the Cognex 3D-A1000 Dimensioning System, related to the implementation of security functions on the client side, allows attackers to escalate their privileges.
A vulnerability in the firmware of the Cognex 3D-A1000 Dimensioning System is related to the implementation of security functions on the client side. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
CVE-2022-1525
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password-protected web elements...
CVE-2022-1368
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
CVE-2022-1522
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
Input validation
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
Authentication flaw
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
CVE-2022-1525 Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password-protected web elements...
CVE-2022-1522
CVE-2022-1522 affects Cognex 3D-A1000 Dimensioning System firmware 1.0.3 (3354) and earlier. The vulnerability is CWE-117: Improper Output Neutralization for Logs, enabling an attacker to forge log entries that falsely indicate a password change, complicating forensics. Connected advisories confi...
CVE-2022-1368
The CVE-2022-1368 issue affects Cognex 3D-A1000 Dimensioning System (Firmware 1.0.3 (3354) and earlier). The root cause is CWE-306: Missing Authentication for Critical Function, where unauthorized users can change the operator account password via webserver commands by monitoring WebSocket traffi...
CVE-2022-1525
The CVE-2022-1525 entry applies to Cognex 3D-A1000 Dimensioning System firmware 1.0.3 (3354) and earlier. The issue is CWE-602: Client-Side Enforcement of Server-Side Security, where attackers could bypass web access controls by inspecting/modifying the source code of password-protected web eleme...
PT-2022-4703 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 and prior Description: The issue is related to missing authentication for critical functions, allowing unauthorized users to change the operator account password via web server commands. This...
Cognex 3D-A1000 Dimensioning System Access Control Error Vulnerability
The Cognex 3D-A1000 Dimensioning System is a compact industrial smart camera capable of capturing 3D and 2D moving objects from Cognex Corporation. An access control error vulnerability exists in Cognex 3D-A1000 Dimensioning System version 1.0.3 3354 and prior versions, which stems from a lack of...
Cognex 3D-A1000 Dimensioning System Security Vulnerability
The Cognex 3D-A1000 Dimensioning System is a compact industrial smart camera from Cognex capable of capturing moving objects in 3D and 2D. A security vulnerability exists in Cognex 3D-A1000 Dimensioning System version 1.0.3 3354 and prior versions. An attacker could exploit the vulnerability to...
PT-2022-4704 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to improper output neutralization for logs, which can be exploited by a remote attacker to create arbitrary log files. This can lead to the...
PT-2022-4702 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to the implementation of security functions on the client side of the Cognex 3D-A1000 Dimensioning System. This could allow a remote attacker ...