Vulnerabilities > Contec

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-22331 Improper Privilege Management vulnerability in Contec Conprosys HMI System
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
network
low complexity
contec CWE-269
7.5
2023-01-20 CVE-2023-22334 Improper Authentication vulnerability in Contec Conprosys HMI System
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
network
high complexity
contec CWE-287
5.3
2023-01-20 CVE-2023-22339 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
network
low complexity
contec
7.5
2023-01-20 CVE-2023-22373 Cross-site Scripting vulnerability in Contec Conprosys HMI System
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.
network
low complexity
contec CWE-79
5.4
2022-12-19 CVE-2022-44456 OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
network
low complexity
contec CWE-78
critical
9.8
2022-11-29 CVE-2022-44354 Unrestricted Upload of File with Dangerous Type vulnerability in Contec Solarview Compact Firmware 4.0/5.0
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
network
low complexity
contec CWE-434
critical
9.8
2022-11-29 CVE-2022-44355 Cross-site Scripting vulnerability in Contec Solarview Compact Firmware 7.0
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.
network
low complexity
contec CWE-79
6.1
2022-11-17 CVE-2022-40881 Command Injection vulnerability in Contec Solarview Compact Firmware 6.00
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
network
low complexity
contec CWE-77
critical
9.8
2022-09-26 CVE-2022-36158 Forced Browsing vulnerability in Contec products
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).
low complexity
contec CWE-425
8.0
2022-09-26 CVE-2022-36159 Use of Hard-coded Credentials vulnerability in Contec products
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow.
low complexity
contec CWE-798
8.8