Vulnerabilities > Contec > Conprosys HMI System

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-22339 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
network
low complexity
contec
7.5
2023-01-20 CVE-2023-22373 Cross-site Scripting vulnerability in Contec Conprosys HMI System
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.
network
low complexity
contec CWE-79
5.4
2022-12-19 CVE-2022-44456 OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
network
low complexity
contec CWE-78
critical
9.8