CVE-2022-44456: Download License Agreement | CONTEC

CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.

PLEASE READ THIS SOFTWARE LICENSE AGREEMENT (the “Agreement”) CAREFULLY BEFORE USING CONTEC’S SOFTWARE. THIS AGREEMENT SETS FORTH TERMS AND CONDITIONS REGARDING THE LICENSE TO USE CONTEC’S SOFTWARE ONTO WHICH THE AGREEMENT IS ATTACHED (the “Software”). BY DOWNLOADING, INSTALLING OR USING THE SOFTWARE OR USING MACHINERY ONTO WHICH THE SOFTWARE HAS BEEN INSTALLED, CUSTOMERS ARE AGREEING TO BE BOUND BY THE AGREEMENT. CUSTOMERS MAY NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE OR ANY MACHINERY ONTO WHICH THE SOFTWARE HAS BEEN INSTALLED WITHOUT AGREEING TO THE AGREEMENT.

Article 1. Intellectual Property Rights
The copyright, patent right or any other intellectual property right pertaining to the Software or any documentary attachments, such as manuals, as well as any copies thereof (the “Software and the Like”) shall belong to CONTEC or to a third party who has the right pertaining to the Software and the Like and who has granted CONTEC the right to use them, and customers shall have no rights therefor other than those expressly authorized herein.

Article 2. Permitted License
1. CONTEC grants customers a non-exclusive right to install and use the Software on one (1) computer during the term of the license which the customer has purchased.
2. Customers may make one (1) copy of the Software solely for emergency backup purposes in using the Software.

Article 3. License Authentication
Customers need to follow license authentication procedures to use the Software. If a customer does not properly follow license authentication procedures, the customer’s use of the Software may be restricted.

Article 4. Restrictions on Use
Customers shall not:
(1) Create any derivative software from the Software;
(2) Copy the Software other than as set forth herein;
(3) Modify, adapt, decompile, disassemble or reverse-engineer the Software; or
(4) Delete or alter the indication of the rights or the trademark on the Software.

Article 5. Limited Liabilities
1. If a customer gives a written notice of material non-conformity of the Software (except for malfunctions arising out of particular hardware or software which is not guaranteed to operate with the Software) within 90 days from the date of purchase of the license of the Software, CONTEC shall provide a modification program, introduce a solution, or return a part of the payment, depending on the degree of the non-conformity, and based on CONTEC’s sole discretion.
2. EXCEPT AS OTHERWISE PROVIDED BY THE PRECEDING PARAGRAPH, CONTEC HEREBY DISCLAIMS ANY WARRANTY WITH RESPECT TO THE SOFTWARE, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, OF SATISFACTORY QUALITY, OR FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS HAVE SOLE RESPONSIBILITIES FOR CHOOSING THE SOFTWARE.
3. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT SHALL CONTEC BE LIABLE FOR PERSONAL INJURY, OR ANY INCIDENTAL, SPECIAL, INDIRECT OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE SOFTWARE AND THE LIKE.

Article 6. Transfer
1. Customers may transfer the Software and the Like and their authorized rights herein to a third party provided that the transferee agrees to the terms and conditions herein. The customer transferring the rights shall not use the Software and the Like after such transfer.
2. Notwithstanding the preceding paragraph, if Customers obtained the rights pertaining to the Software and the Like by purchasing CONTEC’s hardware, customers may transfer their authorized rights pertaining to the Software and the Like only when the customer satisfies all of the following conditions:
(1) The customer transferring the rights transfers the transferee all the hardware on which the Software has been installed;
(2) The customer transferring the rights shall not use the Software and the Like after the transfer; and
(3) The transferee agrees to the terms and conditions herein.
3. If the Software and the Like and the authorized rights herein are transferred pursuant to the preceding paragraphs, the transferee shall be bound by the Agreement upon the transfer.

Article 7. Expiration and Termination
1. This Agreement shall expire upon the expiration of the term of the license.
2. CONTEC may terminate the Agreement with immediate effect without any notice or demand to the customer if the customer fails to comply with any of the provisions herein.
3. Upon the termination of the Agreement, the customer’s license shall cease to be effective. The customer shall immediately discontinue using the Software in any way, and shall uninstall and destruct any reproduction of the Software.

Article 8. Version Update
1. CONTEC may update the version of the Software without prior notice to customers.
2. CONTEC may offer a new version of the Software to customers with or without charge.

Article 9. Term of Support Service
Support service for the Software will not be provided upon the expiration of the term of the license which the customer has purchased. Regardless of the term of the license, support service can be terminated when the support term for the operating system on which the Software can operate and for the software platform ends.

Article 10. Export Control
1. Customers shall comply with the Foreign Exchange and Foreign Trade Act of Japan, the U.S. Export Administration Regulation and the laws and regulations of any other country when taking the Software and the Like outside Japan.
2. Customers shall not transfer, export or re-export the Software and the Like to any individual or entity that is likely to use the Software and the Like to design, develop or manufacture nuclear weapons, biochemical weapons, or to design, develop or manufacture missiles.
3. Customers shall not transfer, export or re-export the Software and the Like to any individuals or entities set forth in the following countries or regions:
(1) The Republic of Cuba, The Islamic Republic of Iran, the Republic of Iraq, the Great Socialist People’s Libyan Arab Jamahiriya or North Korea;
(2) Any individuals or entities on the “List of Foreign Users” based on the Import Trade Control Order or the U.S. Department of Commerce’s "Denied Person’s List or Entity List"; or
(3) Any country, region, individual or entity designated by the government of Japan, the U.S. or any other relevant country.

Article 11. Governing Law
The provisions herein shall be construed and governed in accordance with the laws of Japan. This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded.

Article 12. Dispute Resolution
Upon the occurrence of any dispute in relation to the Agreement or the Software, if any legal procedures are required, such as the filing of a petition for a lawsuit, the Osaka Summary Court or the Osaka District Court shall have the exclusive jurisdiction over such dispute.

Article 13. Severability
If for any reason any portion of the provisions set forth herein is found to be invalid or unenforceable, the remainder of the Agreement shall not be affected in any way and shall be valid and enforceable to the extent permitted by law.

Related news

CVE-2023-22373: Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)
