Filtered by vendor Contec
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23575 | 1 Contec | 38 Cps-mc341-a1-111, Cps-mc341-a1-111 Firmware, Cps-mc341-adsc1-111 and 35 more | 2023-04-18 | N/A | 4.3 MEDIUM |
| Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131). | |||||
| CVE-2022-44355 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2023-03-23 | N/A | 6.1 MEDIUM |
| SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. | |||||
| CVE-2023-22324 | 1 Contec | 1 Conprosys Hmi System | 2023-02-06 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. | |||||
| CVE-2023-22334 | 1 Contec | 1 Conprosys Hmi System | 2023-01-26 | N/A | 5.3 MEDIUM |
| Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. | |||||
| CVE-2023-22331 | 1 Contec | 1 Conprosys Hmi System | 2023-01-26 | N/A | 7.5 HIGH |
| Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. | |||||
| CVE-2023-22339 | 1 Contec | 1 Conprosys Hmi System | 2023-01-26 | N/A | 7.5 HIGH |
| Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | |||||
| CVE-2023-22373 | 1 Contec | 1 Conprosys Hmi System | 2023-01-26 | N/A | 5.4 MEDIUM |
| Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. | |||||
| CVE-2022-44456 | 1 Contec | 1 Conprosys Hmi System | 2022-12-22 | N/A | 9.8 CRITICAL |
| CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | |||||
| CVE-2022-44354 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2022-12-01 | N/A | 9.8 CRITICAL |
| SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. | |||||
| CVE-2022-40881 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2022-11-18 | N/A | 9.8 CRITICAL |
| SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | |||||
| CVE-2022-29298 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | |||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2022-10-03 | N/A | 8.8 HIGH |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | |||||
| CVE-2022-35239 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2022-08-18 | N/A | 8.8 HIGH |
| The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file. | |||||
| CVE-2021-20657 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors. | |||||
| CVE-2022-31374 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. | |||||
| CVE-2022-31373 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. | |||||
| CVE-2022-29302 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-05-20 | 2.1 LOW | 5.5 MEDIUM |
| SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. | |||||
| CVE-2021-20656 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2021-03-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors. | |||||
| CVE-2021-20658 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2021-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors. | |||||
| CVE-2021-20659 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2021-03-01 | 6.5 MEDIUM | 8.8 HIGH |
| SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code. | |||||