| ID | 4739 |
| Created | Jan 27, 2023 |
| Description Updated | Jan 27, 2023 |
| Severity |
|
| Coverage |
FortiClient |
| OS | Windows |
| Vendor | Contec |
| Patch | manual |
| Application | CONPROSYS HMI System |
Refine Search
Threat Encyclopedia
Improper Privilege Management, Improper Authentication, Improper Access Control, and Cross-Site Scripting Vulnerabilities for CONPROSYS HMI System
Description
In CONPROSYS HMI System Ver.3.4.5 and prior: user credential information could be altered by a remote unauthenticated attacker or be obtained via a machine-in-the-middle attack, an arbitrary script could be executed on the web browser of the administrative user logging into the product, and a remote unauthenticated attacker could obtain the server certificate, including the private key of the product.
Affected Applications
CONPROSYS HMI System
