Shodan
Vulnerabilities
Vulnerable Software
Contec:  Security Vulnerabilities
CVE-2023-23333
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
CVSS Score
9.8
EPSS Score
0.942
Published
2023-02-06
CVE-2023-22324
SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-01-30
CVE-2023-22334
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
CVSS Score
5.3
EPSS Score
0.008
Published
2023-01-20
CVE-2023-22339
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-01-20
CVE-2023-22373
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.
CVSS Score
5.4
EPSS Score
0.008
Published
2023-01-20
CVE-2023-22331
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
CVSS Score
7.5
EPSS Score
0.017
Published
2023-01-20
CVE-2022-44456
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
CVSS Score
9.8
EPSS Score
0.356
Published
2022-12-19
CVE-2022-44354
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
CVSS Score
9.8
EPSS Score
0.018
Published
2022-11-29
CVE-2022-44355
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-11-29
CVE-2022-40881
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
CVSS Score
9.8
EPSS Score
0.937
Published
2022-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved