Lucene search

TenableCVE-2023-2758

HistoryMay 31, 2023 - 3:15 p.m.

CVE-2023-2758

2023-05-3115:15:09

CWE-799

tenable

web.nvd.nist.gov

cve-2023-2758

denial of service

vulnerability

contec conprosys

hmi system

nvd

security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

59.0%

JSON

A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time.

Affected configurations

Nvd

Node

contecconprosys_hmi_systemRange<3.5.3

VendorProductVersionCPE
contecconprosys_hmi_system*cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contec	conprosys_hmi_system	*	cpe:2.3:a:contec:conprosys_hmi_system::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CONPROSYS HMI System",
    "vendor": "Contec",
    "versions": [
      {
        "lessThanOrEqual": "3.5.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU93372935/index.html

www.tenable.com/security/research/tra-2023-21

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

59.0%

JSON

Related for CVE-2023-2758