Vulnerabilities > Contec > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-01 | CVE-2023-28651 | Cross-site Scripting vulnerability in Contec Conprosys HMI System Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. | 4.8 |
| 2023-06-01 | CVE-2023-28824 | Server-Side Request Forgery (SSRF) vulnerability in Contec Conprosys HMI System Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. | 4.9 |
| 2023-05-31 | CVE-2023-2758 | Unspecified vulnerability in Contec Conprosys HMI System A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. | 5.3 |
| 2023-05-23 | CVE-2023-27920 | Unspecified vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. | 4.3 |
| 2023-01-30 | CVE-2023-22324 | SQL Injection vulnerability in Contec Conprosys HMI System SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. | 6.5 |
| 2023-01-20 | CVE-2023-22334 | Improper Authentication vulnerability in Contec Conprosys HMI System Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. | 5.3 |
| 2023-01-20 | CVE-2023-22373 | Cross-site Scripting vulnerability in Contec Conprosys HMI System Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. | 5.4 |
| 2022-11-29 | CVE-2022-44355 | Cross-site Scripting vulnerability in Contec Solarview Compact Firmware 7.0 SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. | 6.1 |
| 2022-06-21 | CVE-2022-31373 | Cross-site Scripting vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0 SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. | 4.3 |
| 2021-02-24 | CVE-2021-20662 | Missing Authentication for Critical Function vulnerability in Contec Sv-Cpt-Mc310 Firmware Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors. | 5.0 |