PT-2023-3010 · Unknown · Conprosys Hmi System

Conan0313

Publicado

2023-05-11

Atualizado

2025-01-09

CVE-2023-28713

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions CONPROSYS HMI System (CHS) versions prior to 3.5.3

Description The issue concerns the storage of passwords in plaintext within the CONPROSYS HMI System. Specifically, account information for the database is saved in a local file without encryption. This allows any user with access to the PC where the affected product is installed to obtain the database information. As a result, unauthorized access to the database is possible, potentially leading to the alteration of its contents.

Recommendations For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue.

Correção

Missing Encryption of Sensitive Data

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-256CWE-311CWE-312

Identificadores relacionados

BDU:2023-03045

CVE-2023-28713

Produtos afetados

Conprosys Hmi System

PT-2023-3010 · Unknown · Conprosys Hmi System

CVE-2023-28713

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8