Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-01	CVE-2023-28651	Cross-site Scripting vulnerability in Contec Conprosys HMI System Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. network low complexity contec CWE-79	4.8
2023-06-01	CVE-2023-28824	Server-Side Request Forgery (SSRF) vulnerability in Contec Conprosys HMI System Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. network low complexity contec CWE-918	4.9
2023-05-31	CVE-2023-2758	Unspecified vulnerability in Contec Conprosys HMI System A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. network low complexity contec	5.3
2023-05-23	CVE-2023-27920	Unspecified vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. network low complexity contec	4.3
2023-04-11	CVE-2023-23575	Unspecified vulnerability in Contec products Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. network low complexity contec	4.3
2023-01-30	CVE-2023-22324	SQL Injection vulnerability in Contec Conprosys HMI System SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. network low complexity contec CWE-89	6.5
2023-01-20	CVE-2023-22334	Improper Authentication vulnerability in Contec Conprosys HMI System Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. network high complexity contec CWE-287	5.3
2023-01-20	CVE-2023-22373	Cross-site Scripting vulnerability in Contec Conprosys HMI System Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. network low complexity contec CWE-79	5.4
2022-11-29	CVE-2022-44355	Cross-site Scripting vulnerability in Contec Solarview Compact Firmware 7.0 SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. network low complexity contec CWE-79	6.1
2022-06-21	CVE-2022-31373	Cross-site Scripting vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0 SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. network low complexity contec CWE-79	6.1