7.2

CVE-2023-27389

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Data is provided by the National Vulnerability Database (NVD)
ContecCps-mg341-adsc1-111 Firmware Version <= 3.7.10
   ContecCps-mg341-adsc1-111 Version-
ContecCps-mg341-adsc1-931 Firmware Version <= 3.7.10
   ContecCps-mg341-adsc1-931 Version-
ContecCps-mg341g-adsc1-111 Firmware Version <= 3.7.10
   ContecCps-mg341g-adsc1-111 Version-
ContecCps-mg341g-adsc1-930 Firmware Version <= 3.7.10
   ContecCps-mg341g-adsc1-930 Version-
ContecCps-mg341g5-adsc1-931 Firmware Version <= 3.7.10
   ContecCps-mg341g5-adsc1-931 Version-
ContecCps-mc341-adsc1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc1-111 Version-
ContecCps-mc341-adsc1-931 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc1-931 Version-
ContecCps-mc341-adsc2-111 Firmware Version <= 3.7.6
   ContecCps-mc341-adsc2-111 Version-
ContecCps-mc341g-adsc1-110 Firmware Version <= 3.7.6
   ContecCps-mc341g-adsc1-110 Version-
ContecCps-mc341q-adsc1-111 Firmware Version <= 3.7.6
   ContecCps-mc341q-adsc1-111 Version-
ContecCps-mc341-ds1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-ds1-111 Version-
ContecCps-mc341-ds11-111 Firmware Version <= 3.7.6
   ContecCps-mc341-ds11-111 Version-
ContecCps-mc341-ds2-911 Firmware Version <= 3.7.6
   ContecCps-mc341-ds2-911 Version-
ContecCps-mc341-a1-111 Firmware Version <= 3.7.6
   ContecCps-mc341-a1-111 Version-
ContecCps-mcs341-ds1-111 Firmware Version <= 3.8.8
   ContecCps-mcs341-ds1-111 Version-
ContecCps-mcs341-ds1-131 Firmware Version <= 3.8.8
   ContecCps-mcs341-ds1-131 Version-
ContecCps-mcs341g-ds1-130 Firmware Version <= 3.8.8
   ContecCps-mcs341g-ds1-130 Version-
ContecCps-mcs341g5-ds1-130 Firmware Version <= 3.8.8
   ContecCps-mcs341g5-ds1-130 Version-
ContecCps-mcs341q-ds1-131 Firmware Version <= 3.8.8
   ContecCps-mcs341q-ds1-131 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.97% 0.754
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.