OTPulse

Cognex In-Sight OPC Server

Plan Patch · CVSS 8.8 · ICS-CERT ICSA-21-224-01 · Aug 12, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Cognex In-Sight OPC Server versions 5.7.4 (96) and prior contain a deserialization vulnerability (CWE-502) that allows remote attackers to gain system-level permissions and escalate privileges. The vulnerability requires user interaction but can be triggered remotely over the network. Successful exploitation could grant an attacker the ability to run arbitrary code on the OPC Server with system privileges, potentially compromising connected vision systems and downstream automation equipment.

What this means
What could happen
A remote attacker could gain system-level permissions on the In-Sight OPC Server, potentially allowing them to execute arbitrary code and escalate privileges to control the vision system and any connected industrial equipment it monitors.
Who's at risk
This affects organizations using Cognex In-Sight OPC Servers for machine vision and quality control in manufacturing, packaging, automotive, and food processing. The OPC Server is often the bridge between vision inspection systems and higher-level automation or SCADA systems, so compromise could affect production processes or safety-critical inspection workflows.
How it could be exploited
An attacker on the network (or on the Internet, if the server is exposed) sends a malicious request that exploits unsafe deserialization (CWE-502) in the OPC Server. This could be triggered through a social engineering vector (the CVSS vector requires user interaction). Successful exploitation grants the attacker system-level access to the server process, from which they can pivot to compromise vision-guided automation or downstream control systems.
Prerequisites
  • Network access to the In-Sight OPC Server port (typically port 135 or 912 for OPC)
  • User interaction required - likely a user must click a malicious link or open a file that triggers the vulnerability
  • remotely exploitable
  • high CVSS score (8.8)
  • requires user interaction but low attack complexity
  • no patch available for affected versions
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
In-Sight OPC Server: v5.7.4 (96) and prior | < 5.7.4 (96) | 5.9.2 or later
Remediation & Mitigation
Do now
WORKAROUND: If the OPC Server cannot be upgraded immediately, isolate it from the business network and Internet using a firewall; allow only trusted engineering workstations to connect
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade In-Sight OPC Server to version 5.9.2 or later
Long-term hardening
HARDENING: Implement network segmentation to place the OPC Server and any connected vision systems on a separate industrial network segment with restricted access from office/business networks