Vulnerability Details : CVE-2022-1522
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics.
Products affected by CVE-2022-1522
- cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1522
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1522
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
ICS-CERT | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2022-1522
-
The product does not neutralize or incorrectly neutralizes output that is written to logs.Assigned by: ics-cert@hq.dhs.gov (Primary)
References for CVE-2022-1522
-
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03
Cognex 3D-A1000 Dimensioning System | CISAThird Party Advisory;US Government Resource
Jump to