
CVE-2023-29154

A SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with administrative privileges may execute arbitrary SQL commands via specially crafted input to the query setting page.


Related news

CVE-2023-2758: Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time.
