CVE-2023-22331
https://notcve.org/view.php?id=CVE-2023-22331
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
• https://jvn.jp/en/vu/JVNVU96873821
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-03
• https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230110_en.pdf
• https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b
• CWE-269: Improper Privilege Management
CVE-2023-22339
https://notcve.org/view.php?id=CVE-2023-22339
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
• https://jvn.jp/en/vu/JVNVU96873821
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-03
• https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230110_en.pdf
• https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b
CVE-2022-44456
https://notcve.org/view.php?id=CVE-2022-44456
CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
• https://jvn.jp/en/vu/JVNVU96873821/index.html
• https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_221014_en.pdf
• https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')