Lucene search

PRIOn knowledge basePRION:CVE-2023-28399

HistoryJun 01, 2023 - 2:15 a.m.

Code injection

2023-06-0102:15:00

PRIOn knowledge base

www.prio-n.com

code injection

permission assignment

vulnerability

conprosys hmi system

acl

access control list

privileges

user

malicious program

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program.

CPENameOperatorVersion
conprosys_hmi_systemlt3.5.3

CPE	Name	Operator	Version
	conprosys_hmi_system	lt	3.5.3

References

jvn.jp/en/vu/JVNVU93372935/

www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf