QwikSec

Security Database

CVE

CWE

Training

CVE-2023-29154

Published: Jun 1, 2023

Modified: Jan 9, 2025

PUBLISHED

Description

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.

Vendor	Product	Versions
Contec Co., Ltd.	CONPROSYS HMI System (CHS)	affected `versions prior to 3.5.3`

References

https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf

https://jvn.jp/en/vu/JVNVU93372935/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.