Vulnerability Details CVE-2023-28713
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.2%
CVSS Severity
CVSS v3 Score 8.1
References
- https://jvn.jp/en/vu/JVNVU93372935/
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
- https://jvn.jp/en/vu/JVNVU93372935/
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
Products affected by CVE-2023-28713
-
cpe:2.3:a:contec:conprosys_hmi_system:-
-
cpe:2.3:a:contec:conprosys_hmi_system:3.3.0
-
cpe:2.3:a:contec:conprosys_hmi_system:3.4.3
-
cpe:2.3:a:contec:conprosys_hmi_system:3.4.4
-
cpe:2.3:a:contec:conprosys_hmi_system:3.4.5
-
cpe:2.3:a:contec:conprosys_hmi_system:3.5.0
-
cpe:2.3:a:contec:conprosys_hmi_system:3.5.1
-
cpe:2.3:a:contec:conprosys_hmi_system:3.5.2