Lucene search

[email protected]CVE-2023-22373

HistoryJan 20, 2023 - 3:15 a.m.

CVE-2023-22373

2023-01-2003:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-22373

cross-site scripting

conprosys hmi system

chs

vulnerability

security

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.

Affected configurations

Vulners

NVD

Node

contecconprosys_hmi_systemMatch3.4.5

VendorProductVersionCPE
contecconprosys_hmi_system3.4.5cpe:2.3:a:contec:conprosys_hmi_system:3.4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contec	conprosys_hmi_system	3.4.5	cpe:2.3:a:contec:conprosys_hmi_system:3.4.5:::::::*

CNA Affected

[
  {
    "vendor": "Contec Co., Ltd.",
    "product": "CONPROSYS HMI System (CHS)",
    "versions": [
      {
        "version": "Ver.3.4.5 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU96873821

www.cisa.gov/uscert/ics/advisories/icsa-22-347-03

www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230110_en.pdf

www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b