Vulnerabilities > Contec

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46509 Unspecified vulnerability in Contec Solarview Compact Firmware 4.0/5.0/6.0
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.
network
low complexity
contec
critical
9.8
2023-09-08 CVE-2023-40924 Path Traversal vulnerability in Contec Solarview Compact Firmware 6.0
SolarView Compact < 6.00 is vulnerable to Directory Traversal.
network
low complexity
contec CWE-22
7.5
2023-06-01 CVE-2023-28399 Incorrect Permission Assignment for Critical Resource vulnerability in Contec Conprosys HMI System
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
local
low complexity
contec CWE-732
7.8
2023-06-01 CVE-2023-28651 Cross-site Scripting vulnerability in Contec Conprosys HMI System
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-79
4.8
2023-06-01 CVE-2023-28657 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec
8.8
2023-06-01 CVE-2023-28713 Cleartext Storage of Sensitive Information vulnerability in Contec Conprosys HMI System
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-312
8.1
2023-06-01 CVE-2023-28824 Server-Side Request Forgery (SSRF) vulnerability in Contec Conprosys HMI System
Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-918
4.9
2023-06-01 CVE-2023-29154 SQL Injection vulnerability in Contec Conprosys HMI System
SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-89
7.2
2023-05-31 CVE-2023-2758 Unspecified vulnerability in Contec Conprosys HMI System
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior.
network
low complexity
contec
5.3
2023-05-23 CVE-2023-27512 Use of Hard-coded Credentials vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware
Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.
network
low complexity
contec CWE-798
7.2