CVE-2023-28399

An incorrect permission assignment for a critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. The ACL (Access Control List) on the local folder where the affected product is installed is not set appropriately, so a user of the PC where the affected product is installed is permitted a wide range of privileges. As a result, the user may be able to destroy the system and/or execute a malicious program.

Configurations

Configuration 1

cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*

History

08 Jun 2023, 13:55

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-732 |
| CPE | | cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:* |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.8 |
| References | (MISC) https://jvn.jp/en/vu/JVNVU93372935/ - | (MISC) https://jvn.jp/en/vu/JVNVU93372935/ - Third Party Advisory |
| References | (MISC) https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf - | (MISC) https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf - Vendor Advisory |
| References | (MISC) https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf - | (MISC) https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf - Vendor Advisory |

01 Jun 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-01 02:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-28399

Mitre link : CVE-2023-28399

CVE.ORG link : CVE-2023-28399



Products Affected

contec

  • conprosys_hmi_system

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource