CWE-117: False Password Change Logs Vulnerability in Cognex 3D-A1000 Dimensioning System

CWE-117: False Password Change Logs Vulnerability in Cognex 3D-A1000 Dimensioning System

CVE-2022-1522 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics.

Learn more about our Web Application Penetration Testing UK.