Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Conprosys_hmi_system
(Contec)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-01 | CVE-2023-28713 | Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user. | Conprosys_hmi_system | 8.1 | ||
| 2023-06-01 | CVE-2023-28824 | Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database. | Conprosys_hmi_system | 4.9 | ||
| 2023-06-01 | CVE-2023-29154 | SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page. | Conprosys_hmi_system | 7.2 | ||
| 2022-12-19 | CVE-2022-44456 | CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | Conprosys_hmi_system | 9.8 | ||
| 2023-01-20 | CVE-2023-22339 | Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | Conprosys_hmi_system | 7.5 | ||
| 2023-01-20 | CVE-2023-22373 | Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. | Conprosys_hmi_system | 5.4 | ||
| 2023-01-20 | CVE-2023-22331 | Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. | Conprosys_hmi_system | 7.5 | ||
| 2023-01-20 | CVE-2023-22334 | Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. | Conprosys_hmi_system | 5.3 | ||
| 2023-01-30 | CVE-2023-22324 | SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. | Conprosys_hmi_system | 6.5 | ||
| 2023-05-31 | CVE-2023-2758 | A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. | Conprosys_hmi_system | 5.3 |