Vulnerabilities > Contec > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-27 | CVE-2023-46509 | Unspecified vulnerability in Contec Solarview Compact Firmware 4.0/5.0 An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 9.8 |
2023-05-23 | CVE-2023-29919 | Incorrect Default Permissions vulnerability in Contec Solarview Compact Firmware 4.0/5.0 SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. | 9.1 |
2023-02-06 | CVE-2023-23333 | Command Injection vulnerability in Contec Solarview Compact Firmware 4.0/5.0/6.0 There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. | 9.8 |
2022-12-19 | CVE-2022-44456 | OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4 CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | 9.8 |
2022-11-29 | CVE-2022-44354 | Unrestricted Upload of File with Dangerous Type vulnerability in Contec Solarview Compact Firmware 4.0/5.0 SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. | 9.8 |
2022-11-17 | CVE-2022-40881 | Command Injection vulnerability in Contec Solarview Compact Firmware 6.00 SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | 9.8 |
2022-06-21 | CVE-2022-31374 | Unrestricted Upload of File with Dangerous Type vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0 An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. | 9.8 |
2022-05-12 | CVE-2022-29303 | OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00 SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. | 9.8 |
2021-02-24 | CVE-2021-20658 | OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00 SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors. | 9.8 |