Vulnerabilities > Contec > Conprosys HMI System > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-01 CVE-2023-28399 Incorrect Permission Assignment for Critical Resource vulnerability in Contec Conprosys HMI System
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
local
low complexity
contec CWE-732
7.8
2023-06-01 CVE-2023-28657 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec
8.8
2023-06-01 CVE-2023-28713 Cleartext Storage of Sensitive Information vulnerability in Contec Conprosys HMI System
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-312
8.1
2023-06-01 CVE-2023-29154 SQL Injection vulnerability in Contec Conprosys HMI System
SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-89
7.2
2023-01-20 CVE-2023-22331 Improper Privilege Management vulnerability in Contec Conprosys HMI System
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
network
low complexity
contec CWE-269
7.5
2023-01-20 CVE-2023-22339 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
network
low complexity
contec
7.5