Vulnerabilities > Contec > Conprosys HMI System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-22339 | Unspecified vulnerability in Contec Conprosys HMI System Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | 7.5 |
| 2023-01-20 | CVE-2023-22373 | Cross-site Scripting vulnerability in Contec Conprosys HMI System Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. | 5.4 |
| 2022-12-19 | CVE-2022-44456 | OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4 CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | 9.8 |