CVE-2022-1368 - OpenCVE

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cognex	3d-a1000 Dimensioning System 3d-a1000 Dimensioning System Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2022-09-06T22:19:13

Updated: 2022-09-06T22:19:13

Reserved: 2022-04-14T00:00:00

Link: CVE-2022-1368

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-06T23:15:08.240

Modified: 2022-09-12T13:53:58.487

Link: CVE-2022-1368

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "3D-A1000 Dimensioning System", "vendor": "Cognex", "versions": [{"lessThanOrEqual": "1.0.3 (3354)", "status": "affected", "version": "all", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T22:19:13", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}], "source": {"discovery": "UNKNOWN"}, "title": "Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-1368", "STATE": "PUBLIC", "TITLE": "Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "3D-A1000 Dimensioning System", "version": {"version_data": [{"version_affected": "<=", "version_name": "all", "version_value": "1.0.3 (3354)"}]}}]}, "vendor_name": "Cognex"}]}}, "credit": [{"lang": "eng", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1368", "datePublished": "2022-09-06T22:19:13", "dateReserved": "2022-04-14T00:00:00", "dateUpdated": "2022-09-06T22:19:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE25BB24-A1BE-4904-935B-61E84CAAFD81", "versionEndIncluding": "1.0.3\\(3354\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "01F624C6-079A-40BB-BA07-3441A6934850", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account."}, {"lang": "es", "value": "Cognex 3D-A1000 Dimensioning System en versi\u00f3n de firmware 1.0.3 (3354) y anteriores, es vulnerable a CWE-306: Una Falta de Autentificaci\u00f3n para la Funci\u00f3n Cr\u00edtica, que permite que usuarios no autorizados cambien la contrase\u00f1a de la cuenta del operador por medio de comandos del servidor web mediante la monitorizaci\u00f3n de las comunicaciones del socket web desde una sesi\u00f3n no autenticada. Esto podr\u00eda permitir a un atacante escalar privilegios hasta igualar los de la cuenta comprometida.\n"}], "id": "CVE-2022-1368", "lastModified": "2022-09-12T13:53:58.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-09-06T23:15:08.240", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}