Vulnerability Description
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contec | Conprosys Hmi System | < 3.5.3 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU93372935/Third Party Advisory
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/seVendor Advisory
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/supportVendor Advisory
- https://jvn.jp/en/vu/JVNVU93372935/Third Party Advisory
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/seVendor Advisory
- https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/supportVendor Advisory
FAQ
What is CVE-2023-28399?
CVE-2023-28399 is a vulnerability with a CVSS score of 7.8 (HIGH). Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the aff...
How severe is CVE-2023-28399?
CVE-2023-28399 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28399?
Check the references section above for vendor advisories and patch information. Affected products include: Contec Conprosys Hmi System.