Vulnerability Details CVE-2023-29154
SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.11
EPSS Ranking 93.1%
CVSS Severity
CVSS v3 Score 7.2
References
- https://jvn.jp/en/vu/JVNVU93372935/
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
- https://jvn.jp/en/vu/JVNVU93372935/
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
Products affected by CVE-2023-29154
-
cpe:2.3:a:contec:conprosys_hmi_system:-
-
cpe:2.3:a:contec:conprosys_hmi_system:3.3.0
-
cpe:2.3:a:contec:conprosys_hmi_system:3.4.3
-
cpe:2.3:a:contec:conprosys_hmi_system:3.4.4
-
cpe:2.3:a:contec:conprosys_hmi_system:3.4.5
-
cpe:2.3:a:contec:conprosys_hmi_system:3.5.0
-
cpe:2.3:a:contec:conprosys_hmi_system:3.5.1
-
cpe:2.3:a:contec:conprosys_hmi_system:3.5.2