CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22339
https://notcve.org/view.php?id=CVE-2023-22339
20 Jan 2023 — Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. Una vulnerabilidad de control de acceso inadecuado en CONPROSYS HMI System (CHS) Ver.3.4.5 y anteriores permite que un atacante remoto no autenticado evite la restricción de acceso y obtenga el certificado del servidor, incluida la clave privada del producto. • https://jvn.jp/en/vu/JVNVU96873821 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22373
https://notcve.org/view.php?id=CVE-2023-22373
20 Jan 2023 — Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. Vulnerabilidad de cross-site scripting en CONPROSYS HMI System (CHS) Ver.3.4.5 y anteriores permite a un atacante remoto autenticado inyectar un script arbitrario y obtener información confidencial. • https://jvn.jp/en/vu/JVNVU96873821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 26%CPEs: 1EXPL: 0CVE-2022-44456
https://notcve.org/view.php?id=CVE-2022-44456
19 Dec 2022 — CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. CONPROSYS HMI System (CHS) Ver.3.4.4 y versiones anteriores permiten que un atacante remoto no autenticado ejecute un comando arbitrario del sistema operativo en el servidor donde se ejecuta el producto mediante el envío de una solicitud especialmente manipulada. • https://jvn.jp/en/vu/JVNVU96873821/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •