CVE-2023-28713

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions CONPROSYS HMI System (CHS) versions prior to 3.5.3

Description The issue concerns the storage of passwords in plaintext within the CONPROSYS HMI System. Specifically, account information for the database is saved in a local file without encryption. This allows any user with access to the PC where the affected product is installed to obtain the database information. As a result, unauthorized access to the database is possible, potentially leading to the alteration of its contents.

Recommendations For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue.

Fix

Missing Encryption of Sensitive Data

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-256CWE-311CWE-312

Related Identifiers

BDU:2023-03045

CVE-2023-28713

Affected Products

Conprosys Hmi System

CVE-2023-28713

Weakness Enumeration

Related Identifiers

Affected Products

References · 8