177 matches found
CVE-2023-22373
CVE-2023-22373 affects CONPROSYS HMI System (CHS) up to version 3.4.5. The vulnerability is a Cross-site Scripting (CWE-79) in the web interface used by the administrative user, allowing a remote authenticated attacker to inject arbitrary scripts and potentially obtain sensitive information. Vend...
CVE-2023-22331
Use of default credentials vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information...
CVE-2023-22334
CVE-2023-22334 affects CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier. The root issue is use of a password hash instead of the actual password for authentication, which can allow a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. Affected advi...
CVE-2023-22373
Cross-site scripting vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information...
CVE-2023-22334
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...
CVE-2023-22339
CONPROSYS HMI System (CHS) by Contec is affected by CVE-2023-22339 due to improper access control in 3.4.5 and earlier. This vulnerability could let a remote unauthenticated attacker bypass access restrictions and obtain the server certificate, including the private key. Affected versions: 3.4.5 ...
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA has published four Industrial Control Systems ICS advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CVE-2022-44456
CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
CVE-2022-44456
CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
Design/Logic Flaw
CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
PT-2022-27222 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions 3.4.4 and earlier Description: The issue allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
CVE-2022-44456
CONTEC CONPROSYS HMI System (CHS) versions 3.4.4 and earlier are affected by CVE-2022-44456, an OS command injection vulnerability that allows a remote unauthenticated attacker to execute arbitrary OS commands on the server by sending a specially crafted request. Reported impact is remote code ex...
CVE-2022-44456
CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
CVE-2022-44456
CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HTML5 technology-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in CONPROSYS HMI System CHS, which arises from the use of default credentials, where user...
Contec CONPROSYS HMI System 跨站脚本漏洞
Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A cross-site scripting vulnerability exists in CONPROSYS HMI System CHS, which can be exploited by an attacker to execute arbitrary script o...