Vulnerabilities > Contec > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-08 CVE-2023-40924 Path Traversal vulnerability in Contec Solarview Compact Firmware 4.0/5.0
SolarView Compact < 6.00 is vulnerable to Directory Traversal.
network
low complexity
contec CWE-22
7.5
2023-06-01 CVE-2023-28399 Incorrect Permission Assignment for Critical Resource vulnerability in Contec Conprosys HMI System
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
local
low complexity
contec CWE-732
7.8
2023-06-01 CVE-2023-28657 Unspecified vulnerability in Contec Conprosys HMI System
Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec
8.8
2023-06-01 CVE-2023-28713 Cleartext Storage of Sensitive Information vulnerability in Contec Conprosys HMI System
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-312
8.1
2023-06-01 CVE-2023-29154 SQL Injection vulnerability in Contec Conprosys HMI System
SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-89
7.2
2023-05-23 CVE-2023-27512 Use of Hard-coded Credentials vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware
Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.
network
low complexity
contec CWE-798
7.2
2023-05-23 CVE-2023-27514 OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware
OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.
network
low complexity
contec CWE-78
8.8
2023-05-23 CVE-2023-27518 Classic Buffer Overflow vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.
network
low complexity
contec CWE-120
8.8
2023-05-23 CVE-2023-27521 OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware
OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command.
network
low complexity
contec CWE-78
8.8
2023-04-11 CVE-2023-27389 Inadequate Encryption Strength vulnerability in Contec products
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code.
network
low complexity
contec CWE-326
7.2