CVE-2023-27389 Information

Description

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file alter the information cause a denial-of-service (DoS) condition and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111 CPS-MG341-ADSC1-931 CPS-MG341G-ADSC1-111 CPS-MG341G-ADSC1-930 and CPS-MG341G5-ADSC1-931) M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111 CPS-MC341-ADSC1-931 CPS-MC341-ADSC2-111 CPS-MC341G-ADSC1-110 CPS-MC341Q-ADSC1-111 CPS-MC341-DS1-111 CPS-MC341-DS11-111 CPS-MC341-DS2-911 and CPS-MC341-A1-111) and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111 CPS-MCS341-DS1-131 CPS-MCS341G-DS1-130 CPS-MCS341G5-DS1-130 and CPS-MCS341Q-DS1-131).

Reference

https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware https://jvn.jp/en/vu/JVNVU96198617/ https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware