Vulnerabilities > Contec > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46509 Unspecified vulnerability in Contec Solarview Compact Firmware 4.0/5.0
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.
network
low complexity
contec
critical
9.8
2023-05-23 CVE-2023-29919 Incorrect Default Permissions vulnerability in Contec Solarview Compact Firmware 4.0/5.0
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions.
network
low complexity
contec CWE-276
critical
9.1
2023-02-06 CVE-2023-23333 Command Injection vulnerability in Contec Solarview Compact Firmware 4.0/5.0/6.0
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
network
low complexity
contec CWE-77
critical
9.8
2022-12-19 CVE-2022-44456 OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
network
low complexity
contec CWE-78
critical
9.8
2022-11-29 CVE-2022-44354 Unrestricted Upload of File with Dangerous Type vulnerability in Contec Solarview Compact Firmware 4.0/5.0
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
network
low complexity
contec CWE-434
critical
9.8
2022-11-17 CVE-2022-40881 Command Injection vulnerability in Contec Solarview Compact Firmware 6.00
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
network
low complexity
contec CWE-77
critical
9.8
2022-06-21 CVE-2022-31374 Unrestricted Upload of File with Dangerous Type vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.
network
low complexity
contec CWE-434
critical
9.8
2022-05-12 CVE-2022-29303 OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
network
low complexity
contec CWE-78
critical
9.8
2021-02-24 CVE-2021-20658 OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.
network
low complexity
contec CWE-78
critical
9.8