Lucene search

[email protected]CVE-2023-29154

HistoryJun 01, 2023 - 2:15 a.m.

CVE-2023-29154

2023-06-0102:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-29154

sql injection

conprosys hmi system

chs

security vulnerability

nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.6%

JSON

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.

Affected configurations

Vulners

NVD

Node

contecconprosys_hmi_systemRange<3.5.3

VendorProductVersionCPE
contecconprosys_hmi_system*cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contec	conprosys_hmi_system	*	cpe:2.3:a:contec:conprosys_hmi_system::::::::

CNA Affected

[
  {
    "vendor": "Contec Co., Ltd.",
    "product": "CONPROSYS HMI System (CHS)",
    "versions": [
      {
        "version": "versions prior to 3.5.3",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU93372935/

www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.6%

JSON

Related for CVE-2023-29154

cvelist1 prion1 nvd1