CVE-2023-29154

Опубликовано: 01 июн. 2023

Источник: nvd

CVSS3: 7.2

EPSS Средний

Описание

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.

Ссылки

https://jvn.jp/en/vu/JVNVU93372935/
Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
Vendor Advisory
https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
Vendor Advisory
https://jvn.jp/en/vu/JVNVU93372935/
Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf
Vendor Advisory
https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*

Версия до 3.5.3 (исключая)

EPSS

Процентиль: 94%

0.11943

Средний

7.2 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-9hh8-jr7j-vwg8