Cognex In-Sight Explorer and In-Sight Camera Firmware
Plan Patch | CVSS 8.8 | ICS-CERT ICSA-25-261-06 | Sep 18, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Cognex In-Sight Explorer vision systems and in-camera firmware (2000/7000/8000/9000 series, versions 5.x through 6.5.1) contain multiple security vulnerabilities in credential storage, file access controls, and authentication mechanisms. These weaknesses include hardcoded credentials (CWE-259), unencrypted credential transmission (CWE-319), and improper file permissions (CWE-732). Successful exploitation by an authenticated attacker could result in disclosure of sensitive information, credential theft, unauthorized modification of inspection configurations, or denial of vision system operations.
What this means
What could happen
An attacker with network access and valid credentials could extract sensitive information, steal credentials used by the vision system, modify configuration files or images, or disrupt camera operations and automated inspection processes.
Who's at risk
Water and wastewater utilities, food and beverage processing plants, and manufacturing facilities using Cognex In-Sight 2000/7000/8000/9000 series vision cameras or In-Sight Explorer software for automated quality inspection, barcode scanning, or machine vision applications.
How it could be exploited
An attacker on the network segment containing the vision camera would need valid engineering or operator credentials to log in to the camera or In-Sight Explorer software. Once authenticated, the attacker could access the web interface or file system to extract credentials, modify inspection settings, or stop the camera from processing images.
Prerequisites
- Network access to the In-Sight camera (typically on port 80/443 or port 502 for Ethernet/IP)
- Valid engineering workstation or operator credentials for the vision system
- Access to the In-Sight Explorer software interface or camera web interface
- No patch available for affected products
- Legacy/end-of-life products not intended for new applications
- Requires authentication but uses legacy credential storage
- High CVSS score (8.8)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 EOL
Product; Affected Versions; Fix Status
- In-Sight 9000 series; ≥ 5.x|≤ 6.5.1; No fix (EOL)
- In-Sight 2000 series; ≥ 5.x|≤ 6.5.1; No fix (EOL)
- In-Sight 7000 series; ≥ 5.x|≤ 6.5.1; No fix (EOL)
- In-Sight 8000 series; ≥ 5.x|≤ 6.5.1; No fix (EOL)
- In-Sight Explorer; ≥ 5.x|≤ 6.5.1; No fix (EOL)
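Because none of the listed products will receive a fix, the first practical step is knowing which assets fall inside the affected range. The following Python script is an added example, not part of the advisory or any Cognex tooling: it triages an asset inventory against the product names and version bounds listed above. The CSV column layout, asset names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Product names and version bounds copied from the advisory's affected-products list.
AFFECTED_PRODUCTS = {
    "in-sight 2000 series", "in-sight 7000 series", "in-sight 8000 series",
    "in-sight 9000 series", "in-sight explorer",
}
LOW, HIGH = (5, 0, 0), (6, 5, 1)  # ">= 5.x" and "<= 6.5.1"

def parse_version(text):
    """Parse '6.5.1', '5.9' or 'v5.9' into a 3-tuple of ints; None if unparseable."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", (text or "").strip(), re.I)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())  # missing parts count as 0

def triage(product, firmware):
    """Return 'affected', 'not affected', 'not listed' or 'review'."""
    if " ".join(product.lower().split()) not in AFFECTED_PRODUCTS:
        return "not listed"  # e.g. a replacement model; version is irrelevant
    version = parse_version(firmware)
    if version is None:
        return "review"  # listed product with unknown version: check by hand
    return "affected" if LOW <= version <= HIGH else "not affected"

# Constructed inventory export (hypothetical asset names, columns and versions).
SAMPLE_INVENTORY = """asset,product,firmware
line3-cam1,In-Sight 7000 series,6.5.1
line3-cam2,In-Sight 8000 series,v5.9
lab-cam,In-Sight 2000 series,4.10.4
eng-ws-04,In-Sight Explorer,6.5.1
pack-cam,In-Sight 9000 series,
new-cam,In-Sight 3800,6.1.0
"""

def triage_inventory(csv_text):
    """Map each asset name to its triage result."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["asset"]: triage(r["product"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for asset, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{asset:12} {status}")
```

Assets reported as "review" are listed products whose firmware version is missing from the inventory; treat them as affected until the version is confirmed.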
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to In-Sight cameras by placing them on a dedicated OT network segment behind a firewall
- HARDENING: Block internet-facing access to vision cameras; ensure they are not accessible from your business network or the internet
- WORKAROUND: If remote access to vision cameras is required, use a VPN connection and keep the VPN client and firmware updated to the latest versions
- HARDENING: Review and rotate credentials used to access In-Sight cameras and Explorer software; disable default credentials
Mitigations - no patch available
The following products have reached End of Life with no planned fix: In-Sight 9000 series: >=5.x|<=6.5.1, In-Sight 2000 series: >=5.x|<=6.5.1, In-Sight 7000 series: >=5.x|<=6.5.1, In-Sight 8000 series: >=5.x|<=6.5.1, In-Sight Explorer: >=5.x|<=6.5.1. Apply the following compensating controls:
- HARDENING: Replace legacy In-Sight Explorer-based vision systems with next-generation In-Sight Vision Suite products (In-Sight 2800, 3800, or 8900 series cameras)
CVEs (9)
API:
/api/v1/advisories/92928986-7f49-44f3-b14c-101be407ef9f