Vulnerabilities > Contec > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-01 CVE-2023-28651 Cross-site Scripting vulnerability in Contec Conprosys HMI System
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-79
4.8
2023-06-01 CVE-2023-28824 Server-Side Request Forgery (SSRF) vulnerability in Contec Conprosys HMI System
Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.
network
low complexity
contec CWE-918
4.9
2023-05-31 CVE-2023-2758 Unspecified vulnerability in Contec Conprosys HMI System
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior.
network
low complexity
contec
5.3
2023-05-23 CVE-2023-27920 Unspecified vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware
Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.
network
low complexity
contec
4.3
2023-04-11 CVE-2023-23575 Unspecified vulnerability in Contec products
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product.
network
low complexity
contec
4.3
2023-01-30 CVE-2023-22324 SQL Injection vulnerability in Contec Conprosys HMI System
SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command.
network
low complexity
contec CWE-89
6.5
2023-01-20 CVE-2023-22334 Improper Authentication vulnerability in Contec Conprosys HMI System
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
network
high complexity
contec CWE-287
5.3
2023-01-20 CVE-2023-22373 Cross-site Scripting vulnerability in Contec Conprosys HMI System
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.
network
low complexity
contec CWE-79
5.4
2022-11-29 CVE-2022-44355 Cross-site Scripting vulnerability in Contec Solarview Compact Firmware 7.0
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.
network
low complexity
contec CWE-79
6.1
2022-06-21 CVE-2022-31373 Cross-site Scripting vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
network
low complexity
contec CWE-79
6.1