All the vulnerabilities related to Contec - CONPROSYS HMI System (CHS)
jvndb-2023-002002
Vulnerability from jvndb
Published
2023-06-01 13:48
Modified
2024-03-19 18:13
Severity ?
Summary
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
Details
CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.
* Plaintext storage of a password (CWE-256) - CVE-2023-28713
* Incorrect permission assignment for critical resource (CWE-732) - CVE-2023-28399
* Improper access control (CWE-284) - CVE-2023-28657
* Cross-site scripting (CWE-79) - CVE-2023-28651
* Server-side request forgery (CWE-918) - CVE-2023-28824
* SQL injection (CWE-89) - CVE-2023-29154
* Improper control of interaction frequency (CWE-799) - CVE-2023-2758
Michael Heinzl reported the vulnerabilities listed below to JPCERT/CC, and JPCERT/CC coordinated with the developer.
CVE-2023-28713, CVE-2023-28399, CVE-2023-28657, CVE-2023-28651, CVE-2023-28824, CVE-2023-29154
Tenable, Inc. reported the CVE-2023-2758 vulnerability to the developer, and based on the coordination request made by the developer, JPCERT/CC coordinated with Tenable, Inc. and the developer.
References
Impacted products
Vendor | Product |
---|---|
Contec | CONPROSYS HMI System (CHS) |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002002.html", "dc:date": "2024-03-19T18:13+09:00", "dcterms:issued": "2023-06-01T13:48+09:00", "dcterms:modified": "2024-03-19T18:13+09:00", "description": "CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n* Plaintext storage of a password (CWE-256) - CVE-2023-28713\r\n* Incorrect permission assignment for critical resource (CWE-732) - CVE-2023-28399\r\n* Improper access control (CWE-284) - CVE-2023-28657\r\n* Cross-site scripting (CWE-79) - CVE-2023-28651\r\n* Server-side request forgery (CWE-918)- CVE-2023-28824\r\n* SQL injection (CWE-89) - CVE-2023-29154\r\n* Improper control of interaction frequency (CWE-799) - CVE-2023-2758\r\n\r\nMichael Heinzl reported the vulnerabilities listed below to JPCERT/CC, and JPCERT/CC coordinated with the developer.\r\nCVE-2023-28713, CVE-2023-28399, CVE-2023-28657, CVE-2023-28651, CVE-2023-28824, CVE-2023-29154\r\n\r\nTenable, Inc. reported CVE-2023-2758 vulnerability to the developer, and based on the coordination request made by the developer, JPCERT/CC coordinated with Tenable, Inc. 
and the developer.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002002.html", "sec:cpe": { "#text": "cpe:/a:contec:conprosys_hmi_system", "@product": "CONPROSYS HMI System (CHS)", "@vendor": "Contec", "@version": "2.2" }, "sec:cvss": { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2023-002002", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU93372935/index.html", "@id": "JVNVU#93372935", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28713", "@id": "CVE-2023-28713", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28399", "@id": "CVE-2023-28399", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28657", "@id": "CVE-2023-28657", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28651", "@id": "CVE-2023-28651", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28824", "@id": "CVE-2023-28824", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-29154", "@id": "CVE-2023-29154", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-2758", "@id": "CVE-2023-2758", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-2758", "@id": "CVE-2023-2758", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28399", "@id": "CVE-2023-28399", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28651", "@id": "CVE-2023-28651", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28657", "@id": "CVE-2023-28657", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28713", "@id": "CVE-2023-28713", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28824", "@id": "CVE-2023-28824", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-29154", 
"@id": "CVE-2023-29154", "@source": "NVD" }, { "#text": "https://cwe.mitre.org/data/definitions/256.html", "@id": "CWE-256", "@title": "Unprotected Storage of Credentials(CWE-256)" }, { "#text": "https://cwe.mitre.org/data/definitions/284.html", "@id": "CWE-284", "@title": "Improper Access Control(CWE-284)" }, { "#text": "https://cwe.mitre.org/data/definitions/732.html", "@id": "CWE-732", "@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://cwe.mitre.org/data/definitions/799.html", "@id": "CWE-799", "@title": "Improper Control of Interaction Frequency(CWE-799)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-89", "@title": "SQL Injection(CWE-89)" }, { "#text": "https://cwe.mitre.org/data/definitions/918.html", "@id": "CWE-918", "@title": "Server-Side Request Forgery (SSRF)(CWE-918)" } ], "title": "Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)" }
jvndb-2023-001400
Vulnerability from jvndb
Published
2023-04-03 16:19
Modified
2023-04-03 16:19
Severity ?
Summary
CONPROSYS HMI System(CHS) vulnerable to SQL injection
Details
CONPROSYS HMI System(CHS) provided by Contec Co., Ltd. contains an SQL injection vulnerability (CWE-89, CVE-2023-1658).
Tenable Network Security reported this vulnerability to the developer.
JPCERT/CC coordinated with the reporter and the developer.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/vu/JVNVU92145493/index.html |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-1658 |
SQL Injection(CWE-89) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
Vendor | Product |
---|---|
Contec | CONPROSYS HMI System (CHS) |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001400.html", "dc:date": "2023-04-03T16:19+09:00", "dcterms:issued": "2023-04-03T16:19+09:00", "dcterms:modified": "2023-04-03T16:19+09:00", "description": "CONPROSYS HMI System(CHS) provided by Contec Co., Ltd. contains an SQL injection vulnerability (CWE-89, CVE-2023-1658).\r\n\r\nTenable Network Security reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the reporter and the developer.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001400.html", "sec:cpe": { "#text": "cpe:/a:contec:conprosys_hmi_system", "@product": "CONPROSYS HMI System (CHS)", "@vendor": "Contec", "@version": "2.2" }, "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "@version": "3.0" }, "sec:identifier": "JVNDB-2023-001400", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU92145493/index.html", "@id": "JVNVU#92145493", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-1658", "@id": "CVE-2023-1658", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-89", "@title": "SQL Injection(CWE-89)" } ], "title": "CONPROSYS HMI System(CHS) vulnerable to SQL injection" }
jvndb-2023-001108
Vulnerability from jvndb
Published
2023-01-24 13:38
Modified
2023-01-24 13:38
Severity ?
Summary
Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections
Details
CONPROSYS HMI System (CHS) provided by CONTEC CO.,LTD. contains multiple SQL injection vulnerabilities (CWE-89).
Mosin from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported these vulnerabilities to Contec Co., Ltd.
Contec Co., Ltd. reported the issues to JPCERT/CC in order to notify users of the solutions through JVN.
References
Impacted products
Vendor | Product |
---|---|
Contec | CONPROSYS HMI System (CHS) |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001108.html", "dc:date": "2023-01-24T13:38+09:00", "dcterms:issued": "2023-01-24T13:38+09:00", "dcterms:modified": "2023-01-24T13:38+09:00", "description": "CONPROSYS HMI System (CHS) provided by CONTEC CO.,LTD. contains multiple SQL injection vulnerabilities (CWE-89).\r\n\r\nMosin from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported these vulnerabilities to Contec Co., Ltd.\r\nContec Co., Ltd. reported the issues to JPCERT/CC in order to notify the solutions to the users through JVN.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001108.html", "sec:cpe": { "#text": "cpe:/a:contec:conprosys_hmi_system", "@product": "CONPROSYS HMI System (CHS)", "@vendor": "Contec", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "@version": "3.0" }, "sec:identifier": "JVNDB-2023-001108", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU97195023/index.html", "@id": "JVNVU#97195023", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22324", "@id": "CVE-2023-22324", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22324", "@id": "CVE-2023-22324", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-89", "@title": "SQL Injection(CWE-89)" } ], "title": "Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections" }
jvndb-2025-007754
Vulnerability from jvndb
Published
2025-07-02 11:31
Modified
2025-07-02 11:31
Severity ?
Summary
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
Details
CONPROSYS HMI System (CHS) provided by Contec Co.,Ltd. contains multiple vulnerabilities listed below.
* Reflected cross-site scripting (CWE-79) - CVE-2025-34080
* Insertion of sensitive information into debugging code (CWE-215) - CVE-2025-34081
Alex Williams of Converge Technology Solutions reported these vulnerabilities to Vulncheck Inc., and Vulncheck Inc. reported these vulnerabilities to the developer.
Based on the coordination request made by the developer, JPCERT/CC coordinated with Vulncheck Inc. and the developer.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/vu/JVNVU92266386/index.html |
CVE | https://www.cve.org/CVERecord?id=CVE-2025-34080 |
CVE | https://www.cve.org/CVERecord?id=CVE-2025-34081 |
Insertion of Sensitive Information Into Debugging Code(CWE-215) | https://cwe.mitre.org/data/definitions/215.html |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
Vendor | Product |
---|---|
Contec | CONPROSYS HMI System (CHS) |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-007754.html", "dc:date": "2025-07-02T11:31+09:00", "dcterms:issued": "2025-07-02T11:31+09:00", "dcterms:modified": "2025-07-02T11:31+09:00", "description": "CONPROSYS HMI System (CHS) provided by Contec Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\r\n * Reflected cross-site scripting (CWE-79) - CVE-2025-34080\r\n * Insertion of sensitive information into debugging code (CWE-215) - CVE-2025-34081\r\n\r\nAlex Williams of Converge Technology Solutions reported these vulnerabilities to Vulncheck Inc., and\r\nVulncheck Inc. reported these vulnerabilities to the developer.\r\nBased on the coordination request made by the developer, JPCERT/CC coordinated with Vulncheck Inc. and the developer.", "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-007754.html", "sec:cpe": { "#text": "cpe:/a:contec:conprosys_hmi_system", "@product": "CONPROSYS HMI System (CHS)", "@vendor": "Contec", "@version": "2.2" }, "sec:cvss": { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" }, "sec:identifier": "JVNDB-2025-007754", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU92266386/index.html", "@id": "JVNVU#92266386", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-34080", "@id": "CVE-2025-34080", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-34081", "@id": "CVE-2025-34081", "@source": "CVE" }, { "#text": "https://cwe.mitre.org/data/definitions/215.html", "@id": "CWE-215", "@title": "Insertion of Sensitive Information Into Debugging Code(CWE-215)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)" }
jvndb-2022-002779
Vulnerability from jvndb
Published
2022-12-16 13:29
Modified
2023-01-11 16:55
Severity ?
Summary
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
Details
CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2022-44456
* Use of Default Credentials (CWE-1392) - CVE-2023-22331
* Use of Password Hash Instead of Password for Authentication (CWE-836) - CVE-2023-22334
* Cross-site Scripting (CWE-79) - CVE-2023-22373
* Improper Access Control (CWE-284) - CVE-2023-22339
Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to Contec Co., Ltd. and coordinated. Contec Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of its solution.
References
Impacted products
Vendor | Product |
---|---|
Contec | CONPROSYS HMI System (CHS) |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002779.html", "dc:date": "2023-01-11T16:55+09:00", "dcterms:issued": "2022-12-16T13:29+09:00", "dcterms:modified": "2023-01-11T16:55+09:00", "description": "CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.\r\n \r\n * OS Command Injection (CWE-78) - CVE-2022-44456\r\n * Use of Default Credentials (CWE-1392) - CVE-2023-22331\r\n * Use of Password Hash Instead of Password for Authentication (CWE-836) - CVE-2023-22334\r\n * Cross-site Scripting (CWE-79) - CVE-2023-22373\r\n * Improper Access Control (CWE-284) - CVE-2023-22339\r\n\r\nFloris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to Contec Co., Ltd. and coordinated. Contec Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of its solution.", "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002779.html", "sec:cpe": { "#text": "cpe:/a:contec:conprosys_hmi_system", "@product": "CONPROSYS HMI System (CHS)", "@vendor": "Contec", "@version": "2.2" }, "sec:cvss": { "@score": "10.0", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2022-002779", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU96873821/index.html", "@id": "JVNVU#96873821", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-44456", "@id": "CVE-2022-44456", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22331", "@id": "CVE-2023-22331", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22334", "@id": "CVE-2023-22334", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22373", "@id": "CVE-2023-22373", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22339", "@id": "CVE-2023-22339", "@source": "CVE" }, { "#text": 
"https://nvd.nist.gov/vuln/detail/CVE-2022-44456", "@id": "CVE-2022-44456", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22331", "@id": "CVE-2023-22331", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22334", "@id": "CVE-2023-22334", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22339", "@id": "CVE-2023-22339", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22373", "@id": "CVE-2023-22373", "@source": "NVD" }, { "#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-347-03", "@id": "ICSA-22-347-03", "@source": "ICS-CERT ADVISORY" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://cwe.mitre.org/data/definitions/836.html", "@id": "CWE-836", "@title": "Use of Password Hash Instead of Password for Authentication(CWE-836)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://cwe.mitre.org/data/definitions/284.html", "@id": "CWE-284", "@title": "Improper Access Control(CWE-284)" }, { "#text": "https://cwe.mitre.org/data/definitions/1392.html", "@id": "CWE-1392", "@title": "Use of Default Credentials(CWE-1392)" } ], "title": "Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)" }