7.2
CVE-2023-27389
- EPSS 0.52%
- Veröffentlicht 11.04.2023 09:15:08
- Zuletzt bearbeitet 10.02.2025 22:15:30
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Contec ≫ Cps-mg341-adsc1-111 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341-adsc1-931 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341g-adsc1-111 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341g-adsc1-930 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341g5-adsc1-931 Firmware Version <= 3.7.10
Contec ≫ Cps-mc341-adsc1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-adsc1-931 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-adsc2-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341g-adsc1-110 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341q-adsc1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-ds1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-ds11-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-ds2-911 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-a1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mcs341-ds1-111 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341-ds1-131 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341g-ds1-130 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341g5-ds1-130 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341q-ds1-131 Firmware Version <= 3.8.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.402 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://jvn.jp/en/vu/JVNVU96198617/
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware