CVE-2022-1522 - OpenCVE

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cognex	3d-a1000 Dimensioning System 3d-a1000 Dimensioning System Firmware

Configuration 1 [-]

AND

cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*

cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-09-06T22:19:13

Updated: 2024-08-03T00:10:02.959Z

Reserved: 2022-04-28T00:00:00

Link: CVE-2022-1522

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-06T23:15:08.307

Modified: 2022-09-12T14:00:10.310

Link: CVE-2022-1522

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "3D-A1000 Dimensioning System", "vendor": "Cognex", "versions": [{"lessThanOrEqual": "1.0.3 (3354)", "status": "affected", "version": "all", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T22:19:13", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}], "source": {"discovery": "UNKNOWN"}, "title": "Cognex 3D-A1000 Dimensioning System Improper Output Neutralization for Logs", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-1522", "STATE": "PUBLIC", "TITLE": "Cognex 3D-A1000 Dimensioning System Improper Output Neutralization for Logs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "3D-A1000 Dimensioning System", "version": {"version_data": [{"version_affected": "<=", "version_name": "all", "version_value": "1.0.3 (3354)"}]}}]}, "vendor_name": "Cognex"}]}}, "credit": [{"lang": "eng", "value": "Tri Quach, Shanil Prasad, Brandon Park, and Nishith Sinha reported these vulnerabilities to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-117 Improper Output Neutralization for Logs"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:02.959Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1522", "datePublished": "2022-09-06T22:19:13", "dateReserved": "2022-04-28T00:00:00", "dateUpdated": "2024-08-03T00:10:02.959Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cognex:3d-a1000_dimensioning_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "01F624C6-079A-40BB-BA07-3441A6934850", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cognex:3d-a1000_dimensioning_system_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE25BB24-A1BE-4904-935B-61E84CAAFD81", "versionEndIncluding": "1.0.3\\(3354\\)", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics."}, {"lang": "es", "value": "Cognex 3D-A1000 Dimensioning System en versi\u00f3n de firmware 1.0.3 (3354) y anteriores, es vulnerable a CWE-117: Neutralizaci\u00f3n Inadecuada de la Salida de los Registros, que permite a un atacante crear registros falsos que muestren que la contrase\u00f1a ha sido cambiada cuando no es as\u00ed, complicando los an\u00e1lisis forenses."}], "id": "CVE-2022-1522", "lastModified": "2022-09-12T14:00:10.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-09-06T23:15:08.307", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}