CVE-2023-22334

Name of the Vulnerable Software and Affected Versions CONPROSYS HMI System (CHS) versions 3.4.5 and earlier

Description The issue is related to the use of a password hash instead of the password for authentication, allowing a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. This can lead to the disclosure of protected information.

Recommendations For CONPROSYS HMI System (CHS) versions 3.4.5 and earlier, consider updating to a version that uses password authentication instead of password hash to prevent exploitation. As a temporary workaround, restrict access to sensitive information and implement additional security measures to minimize the risk of man-in-the-middle attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.