HIGH🇬🇧 English

CVE-2023-29154

CVSS 7.2v3.1pub. 2023-06-01upd. 2025-01-09

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Contec Conprosys Hmi System

    APP
    Contec
    < 3.5.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2022-44456CRITICAL9.8ten sam produkt

CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitr...

CVE-2023-28713HIGH8.1ten sam produkt

Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account ...

CVE-2023-28657HIGH8.8ten sam produkt

Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of ...

CVE-2023-28399HIGH7.8ten sam produkt

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3...

CVE-2023-22331HIGH7.5ten sam produkt

Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote u...

CVE-2023-29154 — HIGH 7.2 | CVEbaza.pl