15 matches found
CVE-2023-22339
CONPROSYS HMI System (CHS) by Contec is affected by CVE-2023-22339 due to improper access control in 3.4.5 and earlier. This vulnerability could let a remote unauthenticated attacker bypass access restrictions and obtain the server certificate, including the private key. Affected versions: 3.4.5 ...
CVE-2022-44456
CONTEC CONPROSYS HMI System (CHS) versions 3.4.4 and earlier are affected by CVE-2022-44456, an OS command injection vulnerability that allows a remote unauthenticated attacker to execute arbitrary OS commands on the server by sending a specially crafted request. Reported impact is remote code ex...
CVE-2023-22334
CVE-2023-22334 affects CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier. The root issue is use of a password hash instead of the actual password for authentication, which can allow a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. Affected advi...
CVE-2023-28713
The CVE-2023-28713 entry concerns CONPROSYS HMI System (CHS) prior to version 3.5.3, where account information for the database is stored in plaintext in a local file. This allows someone with access to the host PC to obtain sensitive data and potentially modify database contents. The vulnerabili...
CVE-2023-22331
CVE-2023-22331 is a default-credentials vulnerability in CONPROSYS HMI System (CHS) versions 3.4.5 and earlier that allows a remote unauthenticated attacker to alter user credentials information. The issue arises from use of default credentials (CWE-1392) in CHS, with a CVSS v3 base score o...
CVE-2023-22373
CVE-2023-22373 affects CONPROSYS HMI System (CHS) up to version 3.4.5. The vulnerability is a cross-site scripting (CWE-79) flaw in the web interface used by the administrative user, allowing a remote authenticated attacker to inject arbitrary scripts and potentially obtain sensitive information. Vend...
CVE-2023-22324
CVE-2023-22324 affects CONPROSYS HMI System (CHS) versions 3.5.0 and earlier. The vulnerability is an SQL injection in CHS that allows a remote authenticated attacker to execute arbitrary SQL commands, potentially exposing information stored in the database. The available connected sources descri...
CVE-2023-28399
The CVE-2023-28399 issue affects CONPROSYS HMI System (CHS) before version 3.5.3. The root cause is an incorrect ACL permissions setup on the local installation folder, granting a wide range of privileges to a PC user. Impact, as described in the sources, includes potential destruction of the sys...
CVE-2023-28824
CVE-2023-28824 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The issue is a server-side request forgery (SSRF) vulnerability where an administrator can bypass the query-setting database restrictions and connect to a user-unintended database. Root cause details in connected doc...
CVE-2023-29154
CVE-2023-29154 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The vulnerability is an SQL injection that allows a user with administrative privileges to execute arbitrary SQL commands through specially crafted input on the query setting page. Several sources (including CVE list...
CVE-2023-28651
CONPROSYS HMI System (CHS)
CVE-2023-28657
CVE-2023-28657 refers to an improper access control vulnerability in CONPROSYS HMI System (CHS) versions prior to 3.5.3. On a host running CHS, a local PC user may gain administrative privileges, potentially exposing and modifying product information. The CVE is associated with CH...
CVE-2023-2758
Contec CONPROSYS HMI System (CHS) versions 3.5.2 and earlier are affected by CVE-2023-2758: a time-zone mismatch in certain configuration files allows a remote, unauthenticated attacker to deny logins for an extended period. A fix is available in Ver.3.5.3 as reported by the vendor/developer coor...
CVE-2025-34081
CVE-2025-34081 affects Contec CONPROSYS HMI System (CHS) prior to version 3.7.7. The issue is the exposure of a PHP phpinfo() debugging page to unauthenticated users, which may disclose sensitive runtime information useful to an attacker. Public sources in the connected documents confirm the ...
CVE-2025-34080
CVE-2025-34080 affects Contec Co.,Ltd. CONPROSYS HMI System (CHS) versions before 3.7.7. The issue is a reflected Cross-Site Scripting (XSS) in the getqsetting.php functionality, enabling execution of browser scripts on interaction. The vulnerability’s impact is browser-side script execution for ...