7.5
CVE-2025-34081
- EPSS 0.6%
- Veröffentlicht 01.07.2025 17:56:56
- Zuletzt bearbeitet 04.11.2025 23:15:35
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
CONPROSYS HMI System (CHS) < 3.7.7 Exposed PHP Debug Info
The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Contec ≫ Conprosys Hmi System Version < 3.7.7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.443 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| disclosure@vulncheck.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-215 Insertion of Sensitive Information Into Debugging Code
The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
https://jvn.jp/en/vu/JVNVU92266386/
https://www.vulncheck.com/advisories/conprosys-hmi-system-exposed-php-debug-info