Lucene search

[email protected]NVD:CVE-2023-28713

HistoryJun 01, 2023 - 2:15 a.m.

CVE-2023-28713

2023-06-0102:15:09

CWE-312

[email protected]

web.nvd.nist.gov

cve-2023-28713

plaintext storage

password

conprosys hmi system

information security

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.6%

JSON

Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user.

Affected configurations

NVD

Node

contecconprosys_hmi_systemRange<3.5.3

References

jvn.jp/en/vu/JVNVU93372935/

www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.6%

JSON

Related for NVD:CVE-2023-28713

cvelist1 cve1 prion1