177 matches found
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HTML5 technology-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which stems from an incorrect assignment ...
Contec CONPROSYS HMI System 跨站脚本漏洞
Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which stems from a cross-site scripting vulnerabilit...
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HTML5 technology-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which stems from database account details...
Contec CONPROSYS HMI System 代码问题漏洞
Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3 that stems from a server-side request forgery...
Contec CONPROSYS HMI System SQL注入漏洞
Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which originates from the presence of SQL injection...
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System version 3.5.2 and earlier, which stems from the presence of a denial of servi...
PT-2023-21222 · Contec · Contec Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: Contec CONPROSYS HMI System versions 3.5.2 and prior Description: A denial of service issue exists due to a time-zone mismatch in certain configuration files. This allows a remote, unauthenticated attacker to deny logins for an extended perio...
PT-2023-3009 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions prior to 3.5.3 Description: A server-side request forgery issue exists, allowing an attacker with administrative privileges to bypass database restrictions and connect to unintended databases. The vulnerabili...
CVE-2023-27389
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service DoS condition, and/or execute arbitrary code...
CVE-2023-27389
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service DoS condition, and/or execute arbitrary code...
CVE-2023-27917
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 a...
CVE-2023-23575
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...
CVE-2023-23575
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...
Improper access control
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...
Design/Logic Flaw
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service DoS condition, and/or execute arbitrary code...
CVE-2023-27389
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service DoS condition, and/or execute arbitrary code...
CVE-2023-27917
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 a...
CVE-2023-23575
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...
CVE-2023-27389
The CVE-2023-27389 entry describes an Inadequate Encryption Strength vulnerability in CONPROSYS IoT Gateway products. A remote authenticated attacker with administrative privileges can use a crafted firmware update to alter information, trigger a denial-of-service, and/or execute arbitrary code. ...
CVE-2023-27917
Affected products and versions : CONPROSYS IoT Gateway family—M2M Gateway (firmware 3.7.10 and earlier), M2M Controller Integrated Type (3.7.6 and earlier), and M2M Controller Configurable Type (3.8.8 and earlier). Root cause : an input validation weakness on the Network Maintenance page allows a...