CVE-2022-1525 - Vulnerability Details - OpenCVE

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Cognex	3d-a1000 Dimensioning System 3d-a1000 Dimensioning System Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03

History

Wed, 16 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-09-06T22:19:13.000Z

Updated: 2025-04-16T16:10:27.445Z

Reserved: 2022-04-28T00:00:00.000Z

Link: CVE-2022-1525

Vulnrichment

Updated: 2024-08-03T00:10:03.434Z

NVD

Status : Modified

Published: 2022-09-06T23:15:08.367

Modified: 2024-11-21T06:40:54.147

Link: CVE-2022-1525

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "3D-A1000 Dimensioning System", "vendor": "Cognex", "versions": [{"lessThanOrEqual": "1.0.3 (3354)", "status": "affected", "version": "all", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T22:19:13.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}], "source": {"discovery": "UNKNOWN"}, "title": "Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-1525", "STATE": "PUBLIC", "TITLE": "Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "3D-A1000 Dimensioning System", "version": {"version_data": [{"version_affected": "<=", "version_name": "all", "version_value": "1.0.3 (3354)"}]}}]}, "vendor_name": "Cognex"}]}}, "credit": [{"lang": "eng", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-602 Client-Side Enforcement of Server-Side Security"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.434Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:53:34.011709Z", "id": "CVE-2022-1525", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:10:27.445Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1525", "datePublished": "2022-09-06T22:19:13.000Z", "dateReserved": "2022-04-28T00:00:00.000Z", "dateUpdated": "2025-04-16T16:10:27.445Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.434Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-1525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T15:53:34.011709Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:53:36.384Z"}}], "cna": {"title": "Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cognex", "product": "3D-A1000 Dimensioning System", "versions": [{"status": "affected", "version": "all", "versionType": "custom", "lessThanOrEqual": "1.0.3 (3354)"}]}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03", "tags": ["x_refsource_MISC"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-09-06T22:19:13.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "all", "version_value": "1.0.3 (3354)", "version_affected": "<="}]}, "product_name": "3D-A1000 Dimensioning System"}]}, "vendor_name": "Cognex"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-602 Client-Side Enforcement of Server-Side Security"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-1525", "STATE": "PUBLIC", "TITLE": "Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security", "ASSIGNER": "ics-cert@hq.dhs.gov"}}}}, "cveMetadata": {"cveId": "CVE-2022-1525", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:10:27.445Z", "dateReserved": "2022-04-28T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-09-06T22:19:13.000Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE25BB24-A1BE-4904-935B-61E84CAAFD81", "versionEndIncluding": "1.0.3\\(3354\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "01F624C6-079A-40BB-BA07-3441A6934850", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements."}, {"lang": "es", "value": "Cognex 3D-A1000 Dimensioning System en versi\u00f3n de firmware 1.0.3 (3354) y anteriores es vulnerable a CWE-602: Aplicaci\u00f3n de la Seguridad del Lado del Cliente al Lado del Servidor, que podr\u00eda permitir a atacantes omitir los controles de acceso a la web al inspeccionar y modificar el c\u00f3digo fuente de los elementos web protegidos por contrase\u00f1a."}], "id": "CVE-2022-1525", "lastModified": "2024-11-21T06:40:54.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-06T23:15:08.367", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-602"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}