CVE-2025-54860 | THREATINT

Description

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service allows a denial-of-service attack, leaving the telnet service into an unreachable state.

PUBLISHED Reserved 2025-08-06 | Published 2025-09-18 | Updated 2025-09-19 | Assigner icscert

HIGH: 7.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-307

Product status

Default status

unaffected

5.x (custom)

affected

Default status

unaffected

5.x (custom)

affected

Default status

unaffected

5.x (custom)

affected

Default status

unaffected

5.x (custom)

affected

Default status

unaffected

5.x (custom)

affected

Credits

Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-261-06

cve.org (CVE-2025-54860)

nvd.nist.gov (CVE-2025-54860)

Download JSON