Vulnerabilities > Contec > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-04-11 | CVE-2023-27917 | OS Command Injection vulnerability in Contec products | OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. | 8.8 |
2023-01-20 | CVE-2023-22331 | Improper Privilege Management vulnerability in Contec Conprosys HMI System | Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. | 7.5 |
2023-01-20 | CVE-2023-22339 | Unspecified vulnerability in Contec Conprosys HMI System | Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | 7.5 |
2022-09-26 | CVE-2022-36158 | Forced Browsing vulnerability in Contec products | Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | 8.0 |
2022-09-26 | CVE-2022-36159 | Use of Hard-coded Credentials vulnerability in Contec products | Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. | 8.8 |
2022-08-16 | CVE-2022-35239 | Improper Input Validation vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware | The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. | 8.8 |
2022-05-12 | CVE-2022-29298 | Path Traversal vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00 | SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | 7.5 |
2021-02-24 | CVE-2021-20662 | Missing Authentication for Critical Function vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00 | Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors. | 7.5 |
2021-02-24 | CVE-2021-20661 | Path Traversal vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00 | Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 8.1 |
2021-02-24 | CVE-2021-20659 | Unrestricted Upload of File with Dangerous Type vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00 | SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. | 8.8 |