Some of the industrial cameras made by Cognex are affected by potentially serious vulnerabilities, but they will not receive a patch.
The cybersecurity agency CISA informed organizations about the vulnerabilities, which impact In-Sight products, with an advisory published on September 18.
Cognex, a company based in the United States, designs and manufactures machine vision and barcode scanner solutions for industrial facilities. The industrial cameras made by the company are used to guide robots on production lines, inspect items for quality issues, and track items.
CISA noted that the company’s solutions are used worldwide, including in critical manufacturing, which is designated as a critical infrastructure sector.
Industrial cybersecurity firm Nozomi Networks, whose researchers discovered the vulnerabilities, has disclosed additional details this week.
Nine vulnerabilities have been found to affect In-Sight 2000, 7000, 8000, and 9000 vision systems and the In-Sight Explorer client software that provides the interface for accessing devices. Nozomi has conducted its tests on a Cognex IS2000M-120 camera.
The list of flaws includes hardcoded password, cleartext transmission of sensitive information, incorrect default permission, DoS, privilege escalation, and authentication bypass weaknesses. A majority have been assigned a ‘high severity’ rating.
Since the vulnerable cameras are typically used in closed environments, the vulnerabilities cannot be exploited directly from the internet. However, an attacker who has gained access to the network housing Cognex cameras can exploit the vulnerabilities to hack cameras and associated systems.
Nozomi has described three theoretical attack scenarios involving these vulnerabilities. In one scenario, an unauthenticated attacker with access to the network segment housing the camera can conduct a man-in-the-middle (MitM) attack and exploit two of the vulnerabilities to intercept a user’s credentials and decrypt them. The attacker can then use the credentials to gain access to the system.
In the second scenario described by the security firm, an attacker with low privileges can exploit one of the vulnerabilities to gain admin permissions.
In the third attack scenario, a low-privileged attacker with access to the engineering workstation hosting In-Sight Explorer exploits one of the vulnerabilities to cause significant disruptions.
CISA and Nozomi indicated that Cognex will not be releasing patches, arguing that the vulnerabilities impact legacy products that are not meant to be used for new applications. The vendor recommends migrating to the newer In-Sight 2800, 3800, and 8900 series cameras.
Nozomi pointed out that the impacted cameras are still widely used. Organizations that cannot immediately replace vulnerable products — replacing systems in industrial environments is in many cases not an easy task — can implement a series of mitigations to reduce risks.
Mitigations recommended by Nozomi and CISA include limiting network exposure, segmenting control networks and isolating them from business networks, and using VPNs when remote access is required. In addition, organizations can use specialized cybersecurity products that can detect and block such attacks.