7.2
CVE-2023-27389
- EPSS 0.97%
- Veröffentlicht 11.04.2023 09:15:08
- Zuletzt bearbeitet 10.02.2025 22:15:30
- Quelle vultures@jpcert.or.jp
- Teams Watchlist Login
- Unerledigt Login
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Contec ≫ Cps-mg341-adsc1-111 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341-adsc1-931 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341g-adsc1-111 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341g-adsc1-930 Firmware Version <= 3.7.10
Contec ≫ Cps-mg341g5-adsc1-931 Firmware Version <= 3.7.10
Contec ≫ Cps-mc341-adsc1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-adsc1-931 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-adsc2-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341g-adsc1-110 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341q-adsc1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-ds1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-ds11-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-ds2-911 Firmware Version <= 3.7.6
Contec ≫ Cps-mc341-a1-111 Firmware Version <= 3.7.6
Contec ≫ Cps-mcs341-ds1-111 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341-ds1-131 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341g-ds1-130 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341g5-ds1-130 Firmware Version <= 3.8.8
Contec ≫ Cps-mcs341q-ds1-131 Firmware Version <= 3.8.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.97% | 0.754 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.