CVE-2023-28657

8.8 HIGH

📋 TL;DR

An improper access control vulnerability in CONPROSYS HMI System (CHS) allows local users to escalate privileges to administrative level. This affects all versions prior to 3.5.3. Users with local access to the PC where CHS is installed can gain admin rights to view or modify product information.

💻 Affected Systems

Products:
  • CONPROSYS HMI System (CHS)
Versions: All versions prior to 3.5.3
Operating Systems: Windows (based on typical HMI deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where CHS is installed on Windows-based HMI workstations in industrial control environments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full administrative control over the HMI system, potentially modifying critical industrial control configurations, stealing sensitive operational data, or disrupting industrial processes.

🟠 Likely Case

Authorized local users accidentally or intentionally escalate privileges to admin level, gaining unauthorized access to system settings and configuration data they shouldn't have.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the local system only, preventing lateral movement to other industrial control systems.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or remote desktop access to the affected system.
🏢 Internal Only: HIGH - Any user with local access to the HMI workstation can potentially gain administrative privileges and compromise the industrial control system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the system but likely involves simple privilege escalation techniques once local access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.3

Vendor Advisory: https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf

Restart Required: Yes

Instructions:

1. Download CHS version 3.5.3 from Contec support portal.
2. Backup current configuration and data.
3. Install the update following vendor instructions.
4. Restart the system.
5. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit physical and remote access to HMI workstations to authorized personnel only

Implement Least Privilege

windows

Configure Windows accounts with minimal necessary privileges and separate admin accounts

net localgroup "Remote Desktop Users" [username] /add
net localgroup "Administrators" [username] /delete

🧯 If You Can't Patch

  • Implement strict physical security controls for HMI workstations
  • Segment HMI network from corporate network and implement firewall rules

🔍 How to Verify

Check if Vulnerable:

Check CHS version in application settings or About dialog. If version is below 3.5.3, system is vulnerable.

Check Version:

Check CHS application menu → Help → About or view program properties

Verify Fix Applied:

Verify CHS version shows 3.5.3 or higher in application settings. Test that standard users cannot perform administrative functions.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing privilege escalation attempts
  • Unexpected administrative actions from non-admin accounts
  • Account permission changes in security logs

Network Indicators:

  • Unusual administrative access patterns to HMI system
  • Lateral movement attempts from HMI workstation

SIEM Query:

(EventID=4672 OR EventID=4688) | where SubjectUserName != "SYSTEM" AND (PrivilegeList contains "SeDebugPrivilege" OR PrivilegeList contains "SeTcbPrivilege")
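The same filter applied offline to exported Security-log XML, as an added example (not vendor or page code). The account names, the allowlist parameter and the sample events are constructed assumptions. Event 4688 records carry no PrivilegeList field, so in practice only 4672 records can match.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVENT_IDS = {"4672", "4688"}                         # event IDs from the query
SENSITIVE = {"SeDebugPrivilege", "SeTcbPrivilege"}   # privileges from the query
IGNORED_USERS = {"SYSTEM"}                           # exclusion from the query

# Constructed sample in the layout of `wevtutil qe Security /f:xml` output,
# trimmed to the fields the filter reads and wrapped in a root element.
_EV = ('<Event xmlns="{ns}"><System><EventID>{eid}</EventID></System><EventData>'
       '<Data Name="SubjectUserName">{user}</Data>'
       '<Data Name="PrivilegeList">{privs}</Data></EventData></Event>')
SAMPLE = "<Events>" + "".join(
    _EV.format(ns=NS["e"], eid=eid, user=user, privs=privs) for eid, user, privs in [
        ("4672", "SYSTEM", "SeTcbPrivilege\n\t\t\tSeDebugPrivilege"),
        ("4672", "hmi-operator", "SeSecurityPrivilege\n\t\t\tSeDebugPrivilege"),
        ("4672", "chs-admin", "SeBackupPrivilege\n\t\t\tSeRestorePrivilege"),
        ("4688", "hmi-operator", ""),   # process creation: no privilege list
    ]) + "</Events>"


def suspicious_privilege_events(xml_text, allowed_admins=frozenset()):
    """Return (event_id, user, matched_privileges) for records hitting the filter.

    allowed_admins is a hypothetical allowlist (lower-case account names) for
    accounts expected to hold these privileges, since 4672 fires on every
    administrator logon.
    """
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        eid = ev.findtext("e:System/e:EventID", namespaces=NS)
        if eid not in EVENT_IDS:
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        user = data.get("SubjectUserName", "")
        if user.upper() in IGNORED_USERS or user.lower() in allowed_admins:
            continue
        # PrivilegeList is whitespace-separated (newline plus tabs in real logs)
        matched = SENSITIVE & set(data.get("PrivilegeList", "").split())
        if matched:
            hits.append((eid, user, sorted(matched)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_privilege_events(SAMPLE):
        print(hit)
```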
