CVE-2022-1368— Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-1368
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cognex 3D-A1000 Dimensioning System 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cognex 3D-A1000 Dimensioning System是美国Cognex公司的一款紧凑型工业智能相机能够捕捉 3D 和 2D 的移动物体。 Cognex 3D-A1000 Dimensioning System 1.0.3 (3354)版本及之前版本存在访问控制错误漏洞,该漏洞源于关键功能缺少身份验证。攻击者利用该漏洞升级权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cognex | 3D-A1000 Dimensioning System | all ~ 1.0.3 (3354) | - |
II. Public POCs for CVE-2022-1368
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-1368
请登录查看更多情报信息。
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-1368
Same Patch Batch · Cognex · 2022-09-06 · 3 CVEs total
| CVE-2022-1525 | 9.1 CRITICAL | Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security |
| CVE-2022-1522 | 5.3 MEDIUM | Cognex 3D-A1000 Dimensioning System Improper Output Neutralization for Logs |
IV. Related Vulnerabilities
Same vendor: Cognex
- CVE-2025-53969
Cognex In-Sight Explorer and In-Sight Camera Firmware Client - CVE-2025-54810
Cognex In-Sight Explorer and In-Sight Camera Firmware Authen - CVE-2025-54818
Cognex In-Sight Explorer and In-Sight Camera Firmware Cleart - CVE-2025-54497
Cognex In-Sight Explorer and In-Sight Camera Firmware Incorr - CVE-2025-52873
Cognex In-Sight Explorer and In-Sight Camera Firmware Incorr
Same weakness: CWE-306
- CVE-2021-47940
WordPress Download From Files 1.48 Arbitrary File Upload - CVE-2021-47936
OpenCATS 0.9.4 Remote Code Execution via Resume Upload - CVE-2021-47933
WordPress MStore API 2.0.6 Arbitrary File Upload - CVE-2026-8185
UGREEN CM933 Administrative missing authentication - CVE-2026-42302
FastGPT: Unauthenticated Remote Code Execution (RCE) via cod
V. Comments for CVE-2022-1368
No comments yet