Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2023-27917 CVE-2023-27389 CVE-2023-23575 |
CWE-ID | CWE-78 CWE-326 CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Category: Hardware solutions / Routers & switches, VoIP, GSM, etc |
M2M Gateway CPS-MG341-ADSC1-111
M2M Gateway CPS-MG341-ADSC1-931
M2M Gateway CPS-MG341G-ADSC1-111
M2M Gateway CPS-MG341G-ADSC1-930
M2M Gateway CPS-MG341G5-ADSC1-931
M2M Controller Integrated Type CPS-MC341-ADSC1-111
M2M Controller Integrated Type CPS-MC341-ADSC1-931
M2M Controller Integrated Type CPS-MC341-ADSC2-111
M2M Controller Integrated Type CPS-MC341G-ADSC1-110
M2M Controller Integrated Type CPS-MC341Q-ADSC1-111
M2M Controller Integrated Type CPS-MC341-DS1-111
M2M Controller Integrated Type CPS-MC341-DS11-111
M2M Controller Integrated Type CPS-MC341-DS2-911
M2M Controller Integrated Type CPS-MC341-A1-111
M2M Controller Configurable Type CPS-MCS341-DS1-111
M2M Controller Configurable Type CPS-MCS341-DS1-131
M2M Controller Configurable Type CPS-MCS341G-DS1-130
M2M Controller Configurable Type CPS-MCS341G5-DS1-130
M2M Controller Configurable Type CPS-MCS341Q-DS1-131
Vendor | Contec |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU73776
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27917
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the Network Maintenance page. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
M2M Gateway CPS-MG341-ADSC1-111: 3.7.10
M2M Gateway CPS-MG341-ADSC1-931: 3.7.10
M2M Gateway CPS-MG341G-ADSC1-111: 3.7.10
M2M Gateway CPS-MG341G-ADSC1-930: 3.7.10
M2M Gateway CPS-MG341G5-ADSC1-931: 3.7.10
M2M Controller Integrated Type CPS-MC341-ADSC1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-ADSC1-931: 3.7.6
M2M Controller Integrated Type CPS-MC341-ADSC2-111: 3.7.6
M2M Controller Integrated Type CPS-MC341G-ADSC1-110: 3.7.6
M2M Controller Integrated Type CPS-MC341Q-ADSC1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS11-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS2-911: 3.7.6
M2M Controller Integrated Type CPS-MC341-A1-111: 3.7.6
M2M Controller Configurable Type CPS-MCS341-DS1-111: 3.8.8
M2M Controller Configurable Type CPS-MCS341-DS1-131: 3.8.8
M2M Controller Configurable Type CPS-MCS341G-DS1-130: 3.8.8
M2M Controller Configurable Type CPS-MCS341G5-DS1-130: 3.8.8
M2M Controller Configurable Type CPS-MCS341Q-DS1-131: 3.8.8
External links
http://jvn.jp/en/vu/JVNVU96198617/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73778
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27389
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists because the firmware image contained in the firmware update file is encrypted with inadequate strength. A remote administrator can use a specially crafted firmware update file to execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
M2M Gateway CPS-MG341-ADSC1-111: 3.7.10
M2M Gateway CPS-MG341-ADSC1-931: 3.7.10
M2M Gateway CPS-MG341G-ADSC1-111: 3.7.10
M2M Gateway CPS-MG341G-ADSC1-930: 3.7.10
M2M Gateway CPS-MG341G5-ADSC1-931: 3.7.10
M2M Controller Integrated Type CPS-MC341-ADSC1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-ADSC1-931: 3.7.6
M2M Controller Integrated Type CPS-MC341-ADSC2-111: 3.7.6
M2M Controller Integrated Type CPS-MC341G-ADSC1-110: 3.7.6
M2M Controller Integrated Type CPS-MC341Q-ADSC1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS11-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS2-911: 3.7.6
M2M Controller Integrated Type CPS-MC341-A1-111: 3.7.6
M2M Controller Configurable Type CPS-MCS341-DS1-111: 3.8.8
M2M Controller Configurable Type CPS-MCS341-DS1-131: 3.8.8
M2M Controller Configurable Type CPS-MCS341G-DS1-130: 3.8.8
M2M Controller Configurable Type CPS-MCS341G5-DS1-130: 3.8.8
M2M Controller Configurable Type CPS-MCS341Q-DS1-131: 3.8.8
External links
http://jvn.jp/en/vu/JVNVU96198617/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73779
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23575
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can access the Network Maintenance page to obtain the network information of the product.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
M2M Gateway CPS-MG341-ADSC1-111: 3.7.10
M2M Gateway CPS-MG341-ADSC1-931: 3.7.10
M2M Gateway CPS-MG341G-ADSC1-111: 3.7.10
M2M Gateway CPS-MG341G-ADSC1-930: 3.7.10
M2M Gateway CPS-MG341G5-ADSC1-931: 3.7.10
M2M Controller Integrated Type CPS-MC341-ADSC1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-ADSC1-931: 3.7.6
M2M Controller Integrated Type CPS-MC341-ADSC2-111: 3.7.6
M2M Controller Integrated Type CPS-MC341G-ADSC1-110: 3.7.6
M2M Controller Integrated Type CPS-MC341Q-ADSC1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS1-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS11-111: 3.7.6
M2M Controller Integrated Type CPS-MC341-DS2-911: 3.7.6
M2M Controller Integrated Type CPS-MC341-A1-111: 3.7.6
M2M Controller Configurable Type CPS-MCS341-DS1-111: 3.8.8
M2M Controller Configurable Type CPS-MCS341-DS1-131: 3.8.8
M2M Controller Configurable Type CPS-MCS341G-DS1-130: 3.8.8
M2M Controller Configurable Type CPS-MCS341G5-DS1-130: 3.8.8
M2M Controller Configurable Type CPS-MCS341Q-DS1-131: 3.8.8
External links
http://jvn.jp/en/vu/JVNVU96198617/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.