CVE-2023-27389
Summary
| CVE | CVE-2023-27389 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-11 09:15:00 UTC |
| Updated | 2023-04-18 19:37:00 UTC |
| Description | Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131). |
Risk And Classification
Problem Types: CWE-326
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Contec | Cps-mc341-a1-111 | - | All | All | All |
| Operating System | Contec | Cps-mc341-a1-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341-adsc1-111 | - | All | All | All |
| Operating System | Contec | Cps-mc341-adsc1-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341-adsc1-931 | - | All | All | All |
| Operating System | Contec | Cps-mc341-adsc1-931 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341-adsc2-111 | - | All | All | All |
| Operating System | Contec | Cps-mc341-adsc2-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341-ds1-111 | - | All | All | All |
| Operating System | Contec | Cps-mc341-ds1-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341-ds11-111 | - | All | All | All |
| Operating System | Contec | Cps-mc341-ds11-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341-ds2-911 | - | All | All | All |
| Operating System | Contec | Cps-mc341-ds2-911 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341g-adsc1-110 | - | All | All | All |
| Operating System | Contec | Cps-mc341g-adsc1-110 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mc341q-adsc1-111 | - | All | All | All |
| Operating System | Contec | Cps-mc341q-adsc1-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mcs341-ds1-111 | - | All | All | All |
| Operating System | Contec | Cps-mcs341-ds1-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mcs341-ds1-131 | - | All | All | All |
| Operating System | Contec | Cps-mcs341-ds1-131 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mcs341g-ds1-130 | - | All | All | All |
| Operating System | Contec | Cps-mcs341g-ds1-130 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mcs341g5-ds1-130 | - | All | All | All |
| Operating System | Contec | Cps-mcs341g5-ds1-130 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mcs341q-ds1-131 | - | All | All | All |
| Operating System | Contec | Cps-mcs341q-ds1-131 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mg341-adsc1-111 | - | All | All | All |
| Operating System | Contec | Cps-mg341-adsc1-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mg341-adsc1-931 | - | All | All | All |
| Operating System | Contec | Cps-mg341-adsc1-931 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mg341g-adsc1-111 | - | All | All | All |
| Operating System | Contec | Cps-mg341g-adsc1-111 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mg341g-adsc1-930 | - | All | All | All |
| Operating System | Contec | Cps-mg341g-adsc1-930 Firmware | All | All | All | All |
| Hardware | Contec | Cps-mg341g5-adsc1-931 | - | All | All | All |
| Operating System | Contec | Cps-mg341g5-adsc1-931 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Download File List | CONTEC | MISC | www.contec.com | Product |
| JVNVU#96198617: Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products | MISC | jvn.jp | Third Party Advisory |
| Download File List | CONTEC | MISC | www.contec.com | Product |
| Download File List | CONTEC | MISC | www.contec.com | Product |
| www.contec.com/api/downloadlogger | MISC | www.contec.com | Mitigation, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.