CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-22331
https://notcve.org/view.php?id=CVE-2023-22331
20 Jan 2023 — Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. El uso de la vulnerabilidad de credenciales predeterminadas en CONPROSYS HMI System (CHS) Ver.3.4.5 y versiones anteriores permite que un atacante remoto no autenticado altere la información de las credenciales del usuario. • https://jvn.jp/en/vu/JVNVU96873821 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22373
https://notcve.org/view.php?id=CVE-2023-22373
20 Jan 2023 — Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. Vulnerabilidad de cross-site scripting en CONPROSYS HMI System (CHS) Ver.3.4.5 y anteriores permite a un atacante remoto autenticado inyectar un script arbitrario y obtener información confidencial. • https://jvn.jp/en/vu/JVNVU96873821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 40%CPEs: 1EXPL: 0CVE-2022-44456
https://notcve.org/view.php?id=CVE-2022-44456
19 Dec 2022 — CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. CONPROSYS HMI System (CHS) Ver.3.4.4 y versiones anteriores permiten que un atacante remoto no autenticado ejecute un comando arbitrario del sistema operativo en el servidor donde se ejecuta el producto mediante el envío de una solicitud especialmente manipulada. • https://jvn.jp/en/vu/JVNVU96873821/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •