
CVE-2023-28651
https://notcve.org/view.php?id=CVE-2023-28651
01 Jun 2023 — A cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with administrative privileges configures specially crafted settings, an arbitrary script may be executed in the web browser of another user who is accessing the affected product with administrative privileges. • https://jvn.jp/en/vu/JVNVU93372935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-2758 – Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service
https://notcve.org/view.php?id=CVE-2023-2758
31 May 2023 — A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. • https://jvn.jp/en/vu/JVNVU93372935/index.html • CWE-799: Improper Control of Interaction Frequency •

CVE-2023-27514
https://notcve.org/view.php?id=CVE-2023-27514
23 May 2023 — OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2023-27518
https://notcve.org/view.php?id=CVE-2023-27518
23 May 2023 — Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-27920
https://notcve.org/view.php?id=CVE-2023-27920
23 May 2023 — Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-863: Incorrect Authorization •

CVE-2023-27521
https://notcve.org/view.php?id=CVE-2023-27521
23 May 2023 — OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2023-29919
https://notcve.org/view.php?id=CVE-2023-29919
23 May 2023 — SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. • https://github.com/xiaosed/CVE-2023-29919 • CWE-276: Incorrect Default Permissions •

CVE-2023-27512
https://notcve.org/view.php?id=CVE-2023-27512
23 May 2023 — Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to log in to the affected product with administrative privileges and perform an unintended operation. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-798: Use of Hard-coded Credentials •

CVE-2023-23575
https://notcve.org/view.php?id=CVE-2023-23575
11 Apr 2023 — Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware V... • https://jvn.jp/en/vu/JVNVU96198617 • CWE-284: Improper Access Control •

CVE-2023-27917
https://notcve.org/view.php?id=CVE-2023-27917
11 Apr 2023 — OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access the Network Maintenance page to execute arbitrary OS commands with root privileges. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-AD... • https://jvn.jp/en/vu/JVNVU96198617 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •