CVE-2022-1525

Name of the Vulnerable Software and Affected Versions Cognex 3D-A1000 Dimensioning System versions 1.0.3 (3354) and prior

Description The issue is related to the implementation of security functions on the client-side of the Cognex 3D-A1000 Dimensioning System. This could allow a remote attacker to elevate their privileges. The vulnerability is associated with the client-side enforcement of server-side security, which may enable attackers to bypass web access controls by inspecting and modifying the source code of password-protected web elements.

Recommendations For versions 1.0.3 (3354) and prior, consider disabling web access to password-protected elements until a patch is available. Restrict access to the source code of web elements to minimize the risk of exploitation. Avoid using password-protected web elements in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.