Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-22373: Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.

CVE
#xss#vulnerability#web#auth

Published:2022/12/14 Last Updated:2023/01/10

Overview

CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities.

Products Affected

CVE-2022-44456

  • CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier

CVE-2023-22331, CVE-2023-22334, CVE-2023-22373, CVE-2023-22339

  • CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier

Description

CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.

  • OS Command Injection (CWE-78) - CVE-2022-44456

    CVSS v3

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    Base Score: 10.0

  • Use of Default Credentials (CWE-1392) - CVE-2023-22331

    CVSS v3

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Base Score: 7.5

  • Use of Password Hash Instead of Password for Authentication (CWE-836) - CVE-2023-22334

    CVSS v3

    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

    Base Score: 5.3

  • Cross-site Scripting (CWE-79) - CVE-2023-22373

    CVSS v3

    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

    Base Score: 5.7

  • Improper Access Control (CWE-284) - CVE-2023-22339

    CVSS v3

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Base Score: 7.5

Impact

CVE-2022-44456

An arbitrary OS command may be executed on the server where the product is running, when an unauthenticated remote attacker sends a specially crafted request.

CVE-2023-22331

User credentials information may be altered by a remote unauthenticated attacker.

CVE-2023-22334

User credentials information may be obtained via a man-in-the-middle attack.

CVE-2023-22373

An arbitrary script may be executed on the web browser of the administrative user who is logging into the product, and sensitive information may be obtained.

CVE-2023-22339

A remote unauthenticated attacker may obtain the server certificate including the private key of the product.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

References

  1. ICS Advisory (ICSA-22-347-03)
    Contec CONPROSYS HMI System (CHS)

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to Contec Co., Ltd. and coordinated. Contec Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of its solution.

Other Information

Update History

2023/01/10

Information under the section [Title], [Overview], [Products Affected], [Description], [Impact], [Vendor Status], [References], and [Credit] was updated.

Related news

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)

CVE-2022-44456: Download License Agreement | CONTEC

CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907