Conan0313

**Name of the Vulnerable Software and Affected Versions** Tongda OA 2017 versions up to 11.9 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file general/system/censor words/manage/delete.php. The manipulation of the `DELETE STR` argument leads to SQL injection. The issue has been publicly disclosed and may be exploited. **Recommendations** For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the `delete.php` file in the `general/system/censor words/manage` directory until the upgrade is applied. Avoid using the `DELETE STR` argument in the affected functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CONPROSYS HMI System (CHS) versions prior to 3.5.3 **Description** The issue concerns the storage of passwords in plaintext within the CONPROSYS HMI System. Specifically, account information for the database is saved in a local file without encryption. This allows any user with access to the PC where the affected product is installed to obtain the database information. As a result, unauthorized access to the database is possible, potentially leading to the alteration of its contents. **Recommendations** For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue.