Contec CONPROSYS HMI System Login DoS | allinfosecnews.com

May 31, 2023, 1:51 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Contec CONPROSYS HMI System Login DoS

A denial of service vulnerability exists in Contec CONPROSYS HMI System (CHS) v3.5.2. An unauthenticated remote attacker can exploit it to prevent legitimate users from logging in from the attacker-specified IP addresses for hours if the time zones configured in PHP and PostgreSQL are different. The attacker can repeat the attack to cause login DoS for an extended period of time.

Proof of Concept
Prevent logins from localhost.
Set "date.timezone" to "UTC" in php.ini …

contec dos hmi login system

More from www.tenable.com / Tenable Research Advisories

Multiple Vulnerabilities in Adobe FrameMaker Publishing Server (FMPS) December 2022 release Update 2 3 days, 10 hours ago | www.tenable.com

adobe adobe framemaker api api authentication +13

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 5 days, 9 hours ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 5 days, 9 hours ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Microsoft Azure Firewall Bypass Vulnerability 6 days, 11 hours ago | www.tenable.com

azure bypass bypass vulnerability firewall +4

Google Cloud Platform Remote Code Execution Vulnerability in GCP Composer 1 week ago | www.tenable.com

arbitrary code attackers cloud cloud platform +19

Fluent Bit Memory Corruption Vulnerability 3 weeks, 2 days ago | www.tenable.com

corruption memory memory corruption vulnerability

Cross-Site Scripting in WordPress RSS Aggregator Plugin 3 weeks, 5 days ago | www.tenable.com

cross-site plugin rss scripting +1

Solidus Stored Cross-Site Scripting 3 weeks, 5 days ago | www.tenable.com

cross-site inject javascript malicious +8

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 1 month ago | www.tenable.com

access account action admin +42

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com