Cognex In-Sight Explorer and In-Sight Camera Firmware

Plan PatchCVSS 8.8ICS-CERT ICSA-25-261-06Sep 18, 2025

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Cognex In-Sight Explorer software and In-Sight camera firmware versions 5.x through 6.5.1 allow authenticated attackers to disclose sensitive information, steal credentials, modify files, or cause denial-of-service. Vulnerabilities include hardcoded credentials (CWE-259), cleartext credential transmission (CWE-319), insecure file permissions (CWE-276 and CWE-732), weak credential validation (CWE-307 and CWE-294), and insecure protocol configuration (CWE-602). These issues could allow an attacker with network access and valid credentials to execute arbitrary commands or firmware modifications on affected systems.

What this means

What could happen

An attacker with network access and valid credentials could execute commands on Cognex In-Sight vision system cameras and the Explorer software, potentially stealing process images, modifying vision inspection logic, or disrupting production quality control operations.

Who's at risk

Machine vision operators and plant engineers managing Cognex In-Sight Explorer-based quality control systems across manufacturing (automotive, food and beverage, pharmaceutical, electronics assembly), packaging lines, and other production environments using embedded In-Sight 2000, 7000, 8000, or 9000 series cameras for defect detection and process monitoring.

How it could be exploited

An attacker on the same network as an In-Sight camera or Explorer workstation could authenticate using stolen or default credentials, then upload malicious firmware or modify system files to gain full device control. The vision system would then execute attacker-controlled inspection logic or fail to perform quality checks.

Prerequisites

Network access to the In-Sight camera or Explorer software port (typically HTTP/HTTPS or proprietary vision system management protocols)
Valid user credentials for the target In-Sight system
Product firmware version 5.x through 6.5.1

Remotely exploitableAuthentication required (valid credentials)Low complexity attackNo patch available (end-of-life product)Credential theft risk from multiple vulnerabilitiesAffects production quality control

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

In-Sight 9000 series: >=5.x|<=6.5.1≥ 5.x|≤ 6.5.1No fix (EOL)

In-Sight 2000 series: >=5.x|<=6.5.1≥ 5.x|≤ 6.5.1No fix (EOL)

In-Sight 7000 series: >=5.x|<=6.5.1≥ 5.x|≤ 6.5.1No fix (EOL)

In-Sight 8000 series: >=5.x|<=6.5.1≥ 5.x|≤ 6.5.1No fix (EOL)

In-Sight Explorer: >=5.x|<=6.5.1≥ 5.x|≤ 6.5.1No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to In-Sight cameras and Explorer software by implementing firewall rules to allow connections only from authorized engineering workstations and maintenance terminals

WORKAROUNDDisable remote access to In-Sight cameras and Explorer unless explicitly required; if remote access is necessary, require VPN with multi-factor authentication

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGEnforce strong, unique credentials on all In-Sight systems and disable any default accounts; implement password complexity requirements

Long-term hardening

0/1

HOTFIXMigrate to next-generation In-Sight Vision Suite systems (In-Sight 2800, 3800, or 8900 series) to replace legacy In-Sight Explorer-based infrastructure

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: In-Sight 9000 series: >=5.x|<=6.5.1, In-Sight 2000 series: >=5.x|<=6.5.1, In-Sight 7000 series: >=5.x|<=6.5.1, In-Sight 8000 series: >=5.x|<=6.5.1, In-Sight Explorer: >=5.x|<=6.5.1. Apply the following compensating controls:

HARDENINGIsolate In-Sight vision system network from business IT network using a dedicated production control segment or VLAN

CVEs (9)

CVE-2025-54754 CVE-2025-47698 CVE-2025-53947 CVE-2025-54860 CVE-2025-52873 CVE-2025-54497 CVE-2025-54818 CVE-2025-54810 CVE-2025-53969

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/92928986-7f49-44f3-b14c-101be407ef9f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.