7.2

CVE-2023-27389

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ContecCps-mg341-adsc1-111 Firmware Version <= 3.7.10
   ContecCps-mg341-adsc1-111 Version-
ContecCps-mg341-adsc1-931 Firmware Version <= 3.7.10
   ContecCps-mg341-adsc1-931 Version-
ContecCps-mg341g-adsc1-111 Firmware Version <= 3.7.10
   ContecCps-mg341g-adsc1-111 Version-
ContecCps-mg341g-adsc1-930 Firmware Version <= 3.7.10
   ContecCps-mg341g-adsc1-930 Version-
ContecCps-mg341g5-adsc1-931 Firmware Version <= 3.7.10
   ContecCps-mg341g5-adsc1-931 Version-
ContecCps-mc341-adsc1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc1-111 Version-
ContecCps-mc341-adsc1-931 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc1-931 Version-
ContecCps-mc341-adsc2-111 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc2-111 Version-
ContecCps-mc341g-adsc1-110 Firmware Version <= 3.7.6
   ContecCps-mc341g-adsc1-110 Version-
ContecCps-mc341q-adsc1-111 Firmware Version <= 3.7.6
   ContecCps-mc341q-adsc1-111 Version-
ContecCps-mc341-ds1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-ds1-111 Version-
ContecCps-mc341-ds11-111 Firmware Version <= 3.7.6
   ContecCps-mc341-ds11-111 Version-
ContecCps-mc341-ds2-911 Firmware Version <= 3.7.6
   ContecCps-mc341-ds2-911 Version-
ContecCps-mc341-a1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-a1-111 Version-
ContecCps-mcs341-ds1-111 Firmware Version <= 3.8.8
   ContecCps-mcs341-ds1-111 Version-
ContecCps-mcs341-ds1-131 Firmware Version <= 3.8.8
   ContecCps-mcs341-ds1-131 Version-
ContecCps-mcs341g-ds1-130 Firmware Version <= 3.8.8
   ContecCps-mcs341g-ds1-130 Version-
ContecCps-mcs341g5-ds1-130 Firmware Version <= 3.8.8
   ContecCps-mcs341g5-ds1-130 Version-
ContecCps-mcs341q-ds1-131 Firmware Version <= 3.8.8
   ContecCps-mcs341q-ds1-131 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.402
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://jvn.jp/en/vu/JVNVU96198617/
Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf
Vendor Advisory
Mitigation
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware
Product
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware
Product
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware
Product