CVE-2023-28651

Summary

Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.

Affected Software

VendorProductVersion RangeStatus
Contec Co., Ltd.CONPROSYS HMI System (CHS)versions prior to 3.5.3affected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References