7.5
CVE-2023-22331
- EPSS 1.01%
- Veröffentlicht 20.01.2023 03:15:09
- Zuletzt bearbeitet 03.04.2025 18:15:42
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Contec ≫ Conprosys Hmi System Version <= 3.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.01% | 0.585 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b
https://jvn.jp/en/vu/JVNVU96873821
https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-03
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230110_en.pdf