Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJpcertCVELIST:CVE-2023-28399
HistoryJun 01, 2023 - 12:00 a.m.

CVE-2023-28399

2023-06-0100:00:00
jpcert
www.cve.org
conprosys hmi system
acl
access control list
permission assignment
critical resource
malicious program

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program.

CNA Affected

[
  {
    "vendor": "Contec Co., Ltd.",
    "product": "CONPROSYS HMI System (CHS)",
    "versions": [
      {
        "version": "versions prior to 3.5.3",
        "status": "affected"
      }
    ]
  }
]

Related

nvd 1
cve 1
prion 1
nvd
nvd
CVE-2023-28399
2023-06-01 02:15:09
cve
cve
CVE-2023-28399
2023-06-01 02:15:09
prion
prion
Code injection
2023-06-01 02:15:00

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2023-28399
nvd1cve1prion1