Threat Encyclopedia

Improper Privilege Management, Improper Authentication, Improper Access Control, and Cross-Site Scripting Vulnerabilities for CONPROSYS HMI System


In CONPROSYS HMI System Ver.3.4.5 and prior: user credential information could be altered by a remote unauthenticated attacker or be obtained via a machine-in-the-middle attack, an arbitrary script could be executed on the web browser of the administrative user logging into the product, and a remote unauthenticated attacker could obtain the server certificate, including the private key of the product.

affected-products-logoAffected Applications