Security Vulnerabilities fixed in CONPROSYS HMI System ICSA-22-347-03
Description
In CONPROSYS HMI System Ver.3.4.5 and prior: user credential information could be altered by a remote unauthenticated attacker or be obtained via a machine-in-the-middle attack, an arbitrary script could be executed on the web browser of the administrative user logging into the product, and a remote unauthenticated attacker could obtain the server certificate, including the private key of the product.
Affected Applications
CONPROSYS HMI System