CVE-2023-28399

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 1, 2023

Updated: Jan 9, 2025

CWE ID 732

Summary

CVE-2023-28399 is a vulnerability affecting the CONPROSYS HMI System (CHS) versions prior to 3.5.3. This issue arises due to incorrect permission assignment for a critical resource. The Access Control List (ACL) is not adequately set to the local folder where the product is installed, granting a broad range of privileges to users on the affected PC. An unauthorized user could potentially exploit this vulnerability to destroy the system or execute malicious programs.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Contec

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rcTsMs
https://www.cve.org/CVERecord?id=CVE-2023-28399
https://nvd.nist.gov/vuln/detail/CVE-2023-28399

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2023-28399

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations