Contec

Conprosys Hmi System

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-22334

  • EPSS 1%
  • Veröffentlicht 20.01.2023 03:15:10
  • Zuletzt bearbeitet 03.04.2025 16:15:31

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.

7.5

CVE-2023-22339

  • EPSS 0.39%
  • Veröffentlicht 20.01.2023 03:15:10
  • Zuletzt bearbeitet 03.04.2025 20:15:21

Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.

5.4

CVE-2023-22373

  • EPSS 1.07%
  • Veröffentlicht 20.01.2023 03:15:10
  • Zuletzt bearbeitet 03.04.2025 20:15:21

Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.

7.5

CVE-2023-22331

  • EPSS 2.65%
  • Veröffentlicht 20.01.2023 03:15:09
  • Zuletzt bearbeitet 03.04.2025 18:15:42

Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.

9.8

CVE-2022-44456

  • EPSS 37.54%
  • Veröffentlicht 19.12.2022 03:15:10
  • Zuletzt bearbeitet 17.04.2025 15:15:49

CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.