CVE-2023-28713

Published: Jun 1, 2023Modified: Jan 9, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user.

Affected (1)

Products: Contec: Conprosys Hmi System

1 product

Conprosys Hmi System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Contec Conprosys Hmi System	Before 3.5.3

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (6)

https://jvn.jp/en/vu/JVNVU93372935/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/vu/JVNVU93372935/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.