Vulnerabilities > Contec > Conprosys HMI System

DATE CVE VULNERABILITY TITLE RISK
2023-06-01 CVE-2023-28399 Incorrect Permission Assignment for Critical Resource vulnerability in Contec Conprosys HMI System
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
local
low complexity
contec CWE-732
7.8
2023-06-01 CVE-2023-28651 Cross-site Scripting vulnerability in Contec Conprosys HMI System
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-79
4.8
2023-06-01 CVE-2023-28657 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec
8.8
2023-06-01 CVE-2023-28713 Cleartext Storage of Sensitive Information vulnerability in Contec Conprosys HMI System
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-312
8.1
2023-06-01 CVE-2023-28824 Server-Side Request Forgery (SSRF) vulnerability in Contec Conprosys HMI System
Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-918
4.9
2023-06-01 CVE-2023-29154 SQL Injection vulnerability in Contec Conprosys HMI System
SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-89
7.2
2023-05-31 CVE-2023-2758 Unspecified vulnerability in Contec Conprosys HMI System
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior.
network
low complexity
contec
5.3
2023-01-30 CVE-2023-22324 SQL Injection vulnerability in Contec Conprosys HMI System
SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command.
network
low complexity
contec CWE-89
6.5
2023-01-20 CVE-2023-22331 Improper Privilege Management vulnerability in Contec Conprosys HMI System
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
network
low complexity
contec CWE-269
7.5
2023-01-20 CVE-2023-22334 Improper Authentication vulnerability in Contec Conprosys HMI System
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
network
high complexity
contec CWE-287
5.3