Lucene search
K

173 matches found

NVD
NVD
added 2025/07/01 6:15 p.m.5 views

CVE-2025-34080

The Contec Co.,Ltd. CONPROSYS HMI System CHS is vulnerable to Cross-Site Scripting XSS in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System CHS: before 3.7.7...

6.1CVSS0.01083EPSS
Exploits0References2
NVD
NVD
added 2025/07/01 6:15 p.m.6 views

CVE-2025-34081

The Contec Co.,Ltd. CONPROSYS HMI System CHS exposes a PHP phpinfo debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System CHS: before 3.7.7...

7.5CVSS0.00599EPSS
Exploits0References2
OSV
OSV
added 2025/07/01 6:15 p.m.4 views

CVE-2025-34080

The Contec Co.,Ltd. CONPROSYS HMI System CHS is vulnerable to Cross-Site Scripting XSS in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System CHS: before 3.7.7...

6.1CVSS6.5AI score0.01083EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/01 5:51 p.m.4 views

CVE-2025-34080 CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting

The Contec Co.,Ltd. CONPROSYS HMI System CHS is vulnerable to Cross-Site Scripting XSS in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System CHS: before 3.7.7...

5.1CVSS6.2AI score0.01083EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.4 views

Contec CONPROSYS HMI System 安全漏洞

Contec CONPROSYS HMI System is an HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.7.7, which stems from cross-site scripting ...

6.1CVSS6AI score0.01083EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.4 views

Contec CONPROSYS HMI System 安全漏洞

Contec CONPROSYS HMI System is an HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.7.7, which originates from an unauthenticat...

7.5CVSS6.2AI score0.00599EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 11:41 a.m.11 views

CVE-2025-0683

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS6.9AI score0.00763EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:58 a.m.7 views

CVE-2023-46509

An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component...

9.8CVSS7.8AI score0.00807EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.6 views

CVE-2022-36159

Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface an...

8.8CVSS7.3AI score0.00947EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 p.m.7 views

CVE-2022-36158

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mntcmd.cgi...

8.8CVSS7.3AI score0.01431EPSS
Exploits1References1
CISA
CISA
added 2025/02/25 12:0 p.m.4 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-056-01 Rockwell Automation PowerFlex 755 ICSMA-25-030-01 Contec Health CMS8000 Patien...

7AI score
Exploits0References2
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.3 views

Contec Health CMS8000 Patient Monitor 安全漏洞

The Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor that stems from an update binary that attempts to install to a hard-coded routable IP address, thereby bypassing existing devi...

7.7CVSS6.7AI score0.00446EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/06 2:18 a.m.8 views

CVE-2025-0626

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...

7.7CVSS7.7AI score0.01116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:30 a.m.12 views

CVE-2024-12248

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

9.8CVSS7.6AI score0.01276EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/01/31 1:10 p.m.24 views

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Food and Drug Administration FDA have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626 , carries a CVS...

9.3CVSS7.7AI score0.01276EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/01/31 12:0 a.m.4 views

CISA: Contec CMS8000 Contains a Backdoor

This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health HPH sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address and functionality that enables patient data...

8.2CVSS7AI score0.01116EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/01/30 6:17 p.m.11 views

CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS5.8AI score0.00763EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/30 6:17 p.m.21 views

CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS0.00763EPSS
Exploits0References2
CVE
CVE
added 2025/01/30 6:17 p.m.63 views

CVE-2025-0683

The CVE-2025-0683 entry affects Contec Health CMS8000 Patient Monitor. In its default configuration, it transmits plain-text patient data to a hard-coded public IP address, enabling potential data leakage to any device on that IP and enabling MITM-like interception. Public advisories (CISA ICS wa...

8.2CVSS6AI score0.00763EPSS
In wildExploits0References4
CVE
CVE
added 2025/01/30 6:17 p.m.69 views

CVE-2025-0626

The CVE-2025-0626 issue concerns Contec CMS8000 CMS8000 Patient Monitor firmware where the monitor binary attempts to mount to a hard-coded routable IP, bypassing device network settings, and can enable the network interface if it is disabled. Triggered during a device update from the user menu, ...

7.7CVSS7.7AI score0.01116EPSS
In wildExploits0References4
Rows per page
Query Builder