Plaintext Password Storage in CONPROSYS HMI System by Contec
CVE-2023-28713

8.1HIGH

Key Information:

Vendor: Contec Co., Ltd.
Status: CONPROSYS HMI System (CHS)
Vendor: CVE Published:; 1 June 2023

🔔 Create Contec Co., Ltd. Vulnerability Alert

What is CVE-2023-28713?

The CONPROSYS HMI System by Contec contains a vulnerability where sensitive account information is stored in plaintext within a local file. This issue affects versions prior to 3.5.3 and allows any user with access to the PC to easily retrieve or modify the database information. This underscores a significant risk to data integrity and confidentiality within systems utilizing the affected versions.

Affected Version(s)

CONPROSYS HMI System (CHS) versions prior to 3.5.3

References

https://www.contec.com/api/downloadlogger?download=/-/med...

https://www.contec.com/jp/api/downloadlogger?download=/-/...

https://jvn.jp/en/vu/JVNVU93372935/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 1, 2023
Vulnerability Reserved
May 11, 2023

JSON