CVE-2023-22324

Summary

SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.

Affected Software

VendorProductVersion RangeStatus
Contec Co., Ltd.CONPROSYS HMI System (CHS)Ver.3.5.0 and earlieraffected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References