Contec: >> Conprosys Hmi System >> 3.3.0 Security Vulnerabilities
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
CVSS Score
5.3
EPSS Score
0.01
Published
2023-01-20
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-01-20
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.
CVSS Score
5.4
EPSS Score
0.011
Published
2023-01-20
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
CVSS Score
7.5
EPSS Score
0.027
Published
2023-01-20
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
CVSS Score
9.8
EPSS Score
0.375
Published
2022-12-19
Page 2