Published: 2022/12/14  Last Updated: 2023/01/10

JVNVU#96873821
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview

CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities.

Products Affected

CVE-2022-44456
  • CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier

CVE-2023-22331, CVE-2023-22334, CVE-2023-22373, CVE-2023-22339
  • CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier

Description

CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.

  • OS Command Injection (CWE-78) - CVE-2022-44456
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
  • Use of Default Credentials (CWE-1392) - CVE-2023-22331
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score: 7.5
  • Use of Password Hash Instead of Password for Authentication (CWE-836) - CVE-2023-22334
    CVSS v3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.3
  • Cross-site Scripting (CWE-79) - CVE-2023-22373
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Base Score: 5.7
  • Improper Access Control (CWE-284) - CVE-2023-22339
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 7.5

Impact

CVE-2022-44456
An arbitrary OS command may be executed on the server where the product is running when an unauthenticated remote attacker sends a specially crafted request.

CVE-2023-22331
User credential information may be altered by a remote unauthenticated attacker.

CVE-2023-22334
User credential information may be obtained via a man-in-the-middle attack.

CVE-2023-22373
An arbitrary script may be executed on the web browser of the administrative user who is logging in to the product, and sensitive information may be obtained.

CVE-2023-22339
A remote unauthenticated attacker may obtain the server certificate including the private key of the product.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

References

  1. ICS Advisory (ICSA-22-347-03)
    Contec CONPROSYS HMI System (CHS)

Credit

Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to Contec Co., Ltd. and coordinated. Contec Co., Ltd. and JPCERT/CC published their respective advisories in order to notify users of the solution.

Other Information

CVE: CVE-2022-44456, CVE-2023-22331, CVE-2023-22334, CVE-2023-22373, CVE-2023-22339

Update History

2023/01/10
Information under the sections [Title], [Overview], [Products Affected], [Description], [Impact], [Vendor Status], [References], and [Credit] was updated.