SQL Injection Vulnerability in CONPROSYS HMI System (CHS) Versions Prior to 3.5.3

CVE-2023-29154 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.

Learn more about our User Device Pen Test.