CVE-2022-1522

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:40

Type Values Removed Values Added
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 - Third Party Advisory, US Government Resource

12 Sep 2022, 14:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 - Third Party Advisory, US Government Resource

06 Sep 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-06 23:15

Updated : 2024-11-21 06:40


NVD link : CVE-2022-1522

Mitre link : CVE-2022-1522

CVE.ORG link : CVE-2022-1522


JSON object : View

Products Affected

cognex

  • 3d-a1000_dimensioning_system
  • 3d-a1000_dimensioning_system_firmware
CWE
CWE-117

Improper Output Neutralization for Logs