Inadequate Encryption Strength in Contec products - CVE-2023-27389
Published: March 17, 2023
Vulnerability identifier: #VU73778
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-27389
CWE-ID: CWE-326
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
M2M Gateway CPS-MG341-ADSC1-111
M2M Gateway CPS-MG341-ADSC1-931
M2M Gateway CPS-MG341G-ADSC1-111
M2M Gateway CPS-MG341G-ADSC1-930
M2M Gateway CPS-MG341G5-ADSC1-931
M2M Controller Integrated Type CPS-MC341-ADSC1-111
M2M Controller Integrated Type CPS-MC341-ADSC1-931
M2M Controller Integrated Type CPS-MC341-ADSC2-111
M2M Controller Integrated Type CPS-MC341G-ADSC1-110
M2M Controller Integrated Type CPS-MC341Q-ADSC1-111
M2M Controller Integrated Type CPS-MC341-DS1-111
M2M Controller Integrated Type CPS-MC341-DS11-111
M2M Controller Integrated Type CPS-MC341-DS2-911
M2M Controller Integrated Type CPS-MC341-A1-111
M2M Controller Configurable Type CPS-MCS341-DS1-111
M2M Controller Configurable Type CPS-MCS341-DS1-131
M2M Controller Configurable Type CPS-MCS341G-DS1-130
M2M Controller Configurable Type CPS-MCS341G5-DS1-130
M2M Controller Configurable Type CPS-MCS341Q-DS1-131
Software vendor:
Contec
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists because the firmware image contained in the firmware update file is encrypted with inadequate encryption strength. A remote administrator can use a specially crafted firmware update file to execute arbitrary code on the system.
Remediation
Install updates from the vendor's website.