Medium severity4.9NVD Advisory· Published Jun 1, 2023· Updated Jun 17, 2026
CVE-2023-28824
CVE-2023-28824
Description
Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <3.5.3
<3.5.3+ 1 more
- (no CPE)range: <3.5.3
- (no CPE)range: versions prior to 3.5.3
Patches
Vulnerability mechanics
References
3- jvn.jp/en/vu/JVNVU93372935/nvdThird Party Advisory
- www.contec.com/api/downloadloggernvdVendor Advisory
- www.contec.com/jp/api/downloadloggernvdVendor Advisory
News mentions
0No linked articles in our index yet.