CVE-2023-2758

LOW

Contec Conprosys Hmi System < 3.5.3 - Denial of Service

Title source: rule

Description

A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time.

References (2)

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU93372935/index.html

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2023-21

Scores

CVSS v3 3.7

EPSS 0.0031

EPSS Percentile 54.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-799

Status published

Products (1)

contec/conprosys_hmi_system < 3.5.3

Published May 31, 2023

Tracked Since Feb 18, 2026