Filtered by vendor Contec
Subscriptions
Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-22334 | 1 Contec | 1 Conprosys Hmi System | 2024-08-02 | 5.3 Medium |
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. | ||||
CVE-2023-22324 | 1 Contec | 1 Conprosys Hmi System | 2024-08-02 | 6.5 Medium |
SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. | ||||
CVE-2023-22339 | 1 Contec | 1 Conprosys Hmi System | 2024-08-02 | 7.5 High |
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | ||||
CVE-2023-2758 | 1 Contec | 1 Conprosys Hmi System | 2024-08-02 | 3.7 Low |
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. |