Headline
CVE-2023-22373: Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.
Published:2022/12/14 Last Updated:2023/01/10
Overview
CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities.
Products Affected
CVE-2022-44456
- CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier
CVE-2023-22331, CVE-2023-22334, CVE-2023-22373, CVE-2023-22339
- CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier
Description
CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.
OS Command Injection (CWE-78) - CVE-2022-44456
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score: 10.0
Use of Default Credentials (CWE-1392) - CVE-2023-22331
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score: 7.5
Use of Password Hash Instead of Password for Authentication (CWE-836) - CVE-2023-22334
CVSS v3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score: 5.3
Cross-site Scripting (CWE-79) - CVE-2023-22373
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Base Score: 5.7
Improper Access Control (CWE-284) - CVE-2023-22339
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5
Impact
CVE-2022-44456
An arbitrary OS command may be executed on the server where the product is running, when an unauthenticated remote attacker sends a specially crafted request.
CVE-2023-22331
User credentials information may be altered by a remote unauthenticated attacker.
CVE-2023-22334
User credentials information may be obtained via a man-in-the-middle attack.
CVE-2023-22373
An arbitrary script may be executed on the web browser of the administrative user who is logging into the product, and sensitive information may be obtained.
CVE-2023-22339
A remote unauthenticated attacker may obtain the server certificate including the private key of the product.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
References
- ICS Advisory (ICSA-22-347-03)
Contec CONPROSYS HMI System (CHS)
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to Contec Co., Ltd. and coordinated. Contec Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of its solution.
Other Information
Update History
2023/01/10
Information under the section [Title], [Overview], [Products Affected], [Description], [Impact], [Vendor Status], [References], and [Credit] was updated.
Related news
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.