Vulnerabilities > Contec > Conprosys HMI System > 3.5.1

DATE CVE VULNERABILITY TITLE RISK
2023-06-01 CVE-2023-28399 Incorrect Permission Assignment for Critical Resource vulnerability in Contec Conprosys HMI System
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
local
low complexity
contec CWE-732
7.8
2023-06-01 CVE-2023-28651 Cross-site Scripting vulnerability in Contec Conprosys HMI System
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-79
4.8
2023-06-01 CVE-2023-28657 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec
8.8
2023-06-01 CVE-2023-28713 Cleartext Storage of Sensitive Information vulnerability in Contec Conprosys HMI System
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-312
8.1
2023-06-01 CVE-2023-28824 Server-Side Request Forgery (SSRF) vulnerability in Contec Conprosys HMI System
Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-918
4.9
2023-06-01 CVE-2023-29154 SQL Injection vulnerability in Contec Conprosys HMI System
SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-89
7.2
2023-05-31 CVE-2023-2758 Unspecified vulnerability in Contec Conprosys HMI System
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior.
network
low complexity
contec
5.3