4.3

CVE-2023-23575

Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ContecCps-mg341-adsc1-111 Firmware Version <= 3.7.10
   ContecCps-mg341-adsc1-111 Version-
ContecCps-mg341-adsc1-931 Firmware Version <= 3.7.10
   ContecCps-mg341-adsc1-931 Version-
ContecCps-mg341g-adsc1-111 Firmware Version <= 3.7.10
   ContecCps-mg341g-adsc1-111 Version-
ContecCps-mg341g-adsc1-930 Firmware Version <= 3.7.10
   ContecCps-mg341g-adsc1-930 Version-
ContecCps-mg341g5-adsc1-931 Firmware Version <= 3.7.10
   ContecCps-mg341g5-adsc1-931 Version-
ContecCps-mc341-adsc1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc1-111 Version-
ContecCps-mc341-adsc1-931 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc1-931 Version-
ContecCps-mc341-adsc2-111 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc2-111 Version-
ContecCps-mc341g-adsc1-110 Firmware Version <= 3.7.6
   ContecCps-mc341g-adsc1-110 Version-
ContecCps-mc341q-adsc1-111 Firmware Version <= 3.7.6
   ContecCps-mc341q-adsc1-111 Version-
ContecCps-mc341-ds1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-ds1-111 Version-
ContecCps-mc341-ds11-111 Firmware Version <= 3.7.6
   ContecCps-mc341-ds11-111 Version-
ContecCps-mc341-ds2-911 Firmware Version <= 3.7.6
   ContecCps-mc341-ds2-911 Version-
ContecCps-mc341-a1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-a1-111 Version-
ContecCps-mcs341-ds1-111 Firmware Version <= 3.8.8
   ContecCps-mcs341-ds1-111 Version-
ContecCps-mcs341-ds1-131 Firmware Version <= 3.8.8
   ContecCps-mcs341-ds1-131 Version-
ContecCps-mcs341g-ds1-130 Firmware Version <= 3.8.8
   ContecCps-mcs341g-ds1-130 Version-
ContecCps-mcs341g5-ds1-130 Firmware Version <= 3.8.8
   ContecCps-mcs341g5-ds1-130 Version-
ContecCps-mcs341q-ds1-131 Firmware Version <= 3.8.8
   ContecCps-mcs341q-ds1-131 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.379
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.