Contec Conprosys Hmi System — known CVE vulnerabilities
Every CVE whose affected-product data names Contec Conprosys Hmi System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2022-44456 — CVSS 9.8 (critical): CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server…
CVE-2023-28657 — CVSS 8.8 (high): Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected…
CVE-2023-28713 — CVSS 8.1 (high): Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database…
CVE-2023-28399 — CVSS 7.8 (high): Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control…
CVE-2025-34081 — CVSS 7.5 (high): The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data…
CVE-2023-22331 — CVSS 7.5 (high): Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to…
CVE-2023-22339 — CVSS 7.5 (high): Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to…
CVE-2023-29154 — CVSS 7.2 (high): SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product…
CVE-2023-22324 — CVSS 6.5 (medium): SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an…
CVE-2025-34080 — CVSS 6.1 (medium): The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could…
CVE-2023-22373 — CVSS 5.4 (medium): Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an…
CVE-2023-22334 — CVSS 5.3 (medium): Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a…
CVE-2023-28824 — CVSS 4.9 (medium): Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected…
CVE-2023-28651 — CVSS 4.8 (medium): Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected…
CVE-2023-2758 — CVSS 3.7 (low): A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in…