CVE-2023-28399

Опубликовано: 01 июн. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program.

Ссылки

https://jvn.jp/en/vu/JVNVU93372935/
Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
Vendor Advisory
https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
Vendor Advisory
https://jvn.jp/en/vu/JVNVU93372935/
Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
Vendor Advisory
https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*

Версия до 3.5.3 (исключая)

EPSS

Процентиль: 16%

0.00051

Низкий

7.8 High

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-vwgg-32x4-wm56