PT-2023-3009 · Unknown · Conprosys Hmi System

Michael Heinzl · Published 2023-05-11 · Updated 2025-01-09 · CVE-2023-28824

CVSS v3.1

4.9 Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CONPROSYS HMI System (CHS) versions prior to 3.5.3

Description

A server-side request forgery issue exists, allowing an attacker with administrative privileges to bypass database restrictions and connect to unintended databases. The vulnerability is related to insufficient validation of incoming requests, which can be exploited by a remote attacker to perform a server-side request forgery (SSRF) attack.

Recommendations

For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue.

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2023-03044
CVE-2023-28824

Affected Products

Conprosys Hmi System