Conprosys Hmi System@* Security Vulnerabilities and Issues — Conprosys Hmi System@* CVE List

ContecConprosys Hmi System*

10 matches found

CVE•added 2023/06/01 12:0 a.m.•60 views

CVE-2023-28713

The CVE-2023-28713 entry concerns CONPROSYS HMI System (CHS) prior to version 3.5.3, where account information for the database is stored in plaintext in a local file. This allows someone with access to the host PC to obtain sensitive data and potentially modify database contents. The vulnerabili...

8.1CVSS7.7AI score0.00431EPSS

CVE•added 2023/01/30 12:0 a.m.•47 views

CVE-2023-22324

CVE-2023-22324 affects CONPROSYS HMI System (CHS) versions 3.5.0 and earlier. The vulnerability is an SQL injection in CHS that allows a remote authenticated attacker to execute arbitrary SQL commands, potentially exposing information stored in the database. The available connected sources descri...

6.5CVSS6.5AI score0.01327EPSS

CVE•added 2023/06/01 12:0 a.m.•45 views

CVE-2023-28824

CVE-2023-28824 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The issue is a server-side request forgery (SSRF) vulnerability where an administrator can bypass the query-setting database restrictions and connect to a user-unintended database. Root cause details in connected doc...

4.9CVSS5.2AI score0.00641EPSS

CVE•added 2023/06/01 12:0 a.m.•45 views

CVE-2023-29154

CVE-2023-29154 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The vulnerability is an SQL injection that allows a user with administrative privileges to execute arbitrary SQL commands through specially crafted input on the query setting page. Several sources (including CVE list...

7.2CVSS7.4AI score0.44023EPSS

CVE•added 2023/06/01 12:0 a.m.•44 views

CVE-2023-28399

The CVE-2023-28399 issue affects CONPROSYS HMI System (CHS) before version 3.5.3. The root cause is an incorrect ACL permissions setup on the local installation folder, granting a wide range of privileges to a PC user. Impact, as described in the sources, includes potential destruction of the sys...

7.8CVSS7.5AI score0.00182EPSS

CVE•added 2023/06/01 12:0 a.m.•43 views

CVE-2023-28651

CONPROSYS HMI System (CHS)

4.8CVSS5.1AI score0.64795EPSS

CVE•added 2023/06/01 12:0 a.m.•41 views

CVE-2023-28657

CVE-2023-28657 refers to an improper access control vulnerability in CONPROSYS HMI System (CHS) versions prior to 3.5.3. The affected product runs on CHS where a local PC user may gain administrative privileges, potentially exposing and modifying product information. The CVE is associated with CH...

8.8CVSS8.5AI score0.00708EPSS

CVE•added 2023/05/31 2:9 p.m.•37 views

CVE-2023-2758

Contec CONPROSYS HMI System (CHS) versions 3.5.2 and earlier are affected by CVE-2023-2758: a time-zone mismatch in certain configuration files allows a remote, unauthenticated attacker to deny logins for an extended period. A fix is available in Ver.3.5.3 as reported by the vendor/developer coor...

5.3CVSS4.9AI score0.0104EPSS

CVE•added 2025/07/01 5:51 p.m.•21 views

CVE-2025-34080

CVE-2025-34080 affects Contec Co.,Ltd. CONPROSYS HMI System (CHS) versions before 3.7.7. The issue is a reflected Cross-Site Scripting (XSS) in the getqsetting.php functionality, enabling execution of browser scripts on interaction. The vulnerability’s impact is browser-side script execution for ...

6.1CVSS5.8AI score0.01083EPSS

CVE•added 2025/07/01 5:56 p.m.•21 views

CVE-2025-34081

The CVE-2025-34081 affects Contec CONPROSYS HMI System (CHS) prior to version 3.7.7. The issue is the exposure of a PHP phpinfo() debugging page to unauthenticated users, which may disclose sensitive runtime information useful to an attacker. Public sources in the connected documents confirm the ...

7.5CVSS7.2AI score0.00594EPSS