PT-2023-21693 · Unknown · Conprosys Hmi System
K0Shl
·
Published
2023-06-01
·
Updated
2025-01-09
·
CVE-2023-28399
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CONPROSYS HMI System (CHS) versions prior to 3.5.3
Description
The issue is related to incorrect permission assignment for a critical resource in the CONPROSYS HMI System (CHS). The Access Control List (ACL) is not set correctly for the local folder where the product is installed, allowing a wide range of privileges to a user of the PC where the product is installed. This could enable the user to destroy the system and/or execute a malicious program.
Recommendations
For CONPROSYS HMI System (CHS) versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Conprosys Hmi System