Lucene search
K

177 matches found

CVE
CVE
added 2023/01/20 12:0 a.m.59 views

CVE-2023-22373

CVE-2023-22373 affects CONPROSYS HMI System (CHS) up to version 3.4.5. The vulnerability is a Cross-site Scripting (CWE-79) in the web interface used by the administrative user, allowing a remote authenticated attacker to inject arbitrary scripts and potentially obtain sensitive information. Vend...

5.4CVSS5.2AI score0.01871EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/01/20 12:0 a.m.31 views

CVE-2023-22331

Use of default credentials vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information...

7.8AI score0.01008EPSS
Exploits0References4
CVE
CVE
added 2023/01/20 12:0 a.m.66 views

CVE-2023-22334

CVE-2023-22334 affects CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier. The root issue is use of a password hash instead of the actual password for authentication, which can allow a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. Affected advi...

5.3CVSS5.1AI score0.00879EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/20 12:0 a.m.6 views

CVE-2023-22373

Cross-site scripting vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information...

6.3AI score0.01871EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/20 12:0 a.m.5 views

CVE-2023-22334

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...

6.5AI score0.00879EPSS
Exploits0References4
CVE
CVE
added 2023/01/20 12:0 a.m.88 views

CVE-2023-22339

CONPROSYS HMI System (CHS) by Contec is affected by CVE-2023-22339 due to improper access control in 3.4.5 and earlier. This vulnerability could let a remote unauthenticated attacker bypass access restrictions and obtain the server certificate, including the private key. Affected versions: 3.4.5 ...

7.5CVSS7.5AI score0.01137EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2023/01/18 5:56 a.m.90 views

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has published four Industrial Control Systems ICS advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that...

10CVSS1.2AI score0.95764EPSS
Exploits5
CISA
CISA
added 2023/01/17 12:0 a.m.20 views

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

1.4AI score
Exploits0References4
NVD
NVD
added 2022/12/19 3:15 a.m.18 views

CVE-2022-44456

CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

9.8CVSS0.69877EPSS
Exploits0References3
OSV
OSV
added 2022/12/19 3:15 a.m.1 views

CVE-2022-44456

CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

9.8CVSS6AI score
Exploits0References3
Prion
Prion
added 2022/12/19 3:15 a.m.32 views

Design/Logic Flaw

CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

7.5CVSS9.7AI score0.69877EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/19 12:0 a.m.7 views

PT-2022-27222 · Unknown · Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions 3.4.4 and earlier Description: The issue allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

9.8CVSS9.6AI score0.69877EPSS
Exploits0References4
CVE
CVE
added 2022/12/19 12:0 a.m.74 views

CVE-2022-44456

CONTEC CONPROSYS HMI System (CHS) versions 3.4.4 and earlier are affected by CVE-2022-44456, an OS command injection vulnerability that allows a remote unauthenticated attacker to execute arbitrary OS commands on the server by sending a specially crafted request. Reported impact is remote code ex...

9.8CVSS9.6AI score0.69877EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/19 12:0 a.m.7 views

CVE-2022-44456

CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

7.5AI score0.69877EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/19 12:0 a.m.23 views

CVE-2022-44456

CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

9.8AI score0.69877EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.3 views

Contec CONPROSYS HMI System 安全漏洞

Contec CONPROSYS HMI System is an HTML5 technology-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in CONPROSYS HMI System CHS, which arises from the use of default credentials, where user...

7.5CVSS7.7AI score0.01008EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.5 views

Contec CONPROSYS HMI System 跨站脚本漏洞

Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A cross-site scripting vulnerability exists in CONPROSYS HMI System CHS, which can be exploited by an attacker to execute arbitrary script o...

5.4CVSS6.9AI score0.01871EPSS
Exploits0References6
Rows per page
Query Builder