Primary

Context

Contec CONPROSYS HMI System PHP Info Exposure Vulnerability

Vulnerability

Patched

A vulnerability exists in Contec Co., Ltd. CONPROSYS HMI System (CHS) versions prior to 3.7.7, where an unauthenticated user can access a PHP phpinfo() debug page. This page may contain sensitive information that could be beneficial to an attacker.

Impact

Exploitation of this vulnerability allows a remote, unauthenticated attacker to access PHP runtime information, which could be used to facilitate further attacks.

Remediation

Users are advised to update CONPROSYS HMI System (CHS) to version 3.7.7 or later, which addresses this vulnerability.

Added: Jul 1, 2025, 8:37 PM

Updated: Jul 1, 2025, 8:37 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.5

exploitability

7.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.5

exploitability

7.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Contec CONPROSYS HMI System PHP Info Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Contec CONPROSYS HMI System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating