Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-27389

Published: 11/04/2023 Updated: 18/04/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Contec

Vulnerability Summary

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and previous versions (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and previous versions versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and previous versions versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

contec cps-mg341-adsc1-111_firmware

contec cps-mg341-adsc1-931_firmware

contec cps-mg341g-adsc1-111_firmware

contec cps-mg341g-adsc1-930_firmware

contec cps-mg341g5-adsc1-931_firmware

contec cps-mc341-adsc1-111_firmware

contec cps-mc341-adsc1-931_firmware

contec cps-mc341-adsc2-111_firmware

contec cps-mc341g-adsc1-110_firmware

contec cps-mc341q-adsc1-111_firmware

contec cps-mc341-ds1-111_firmware

contec cps-mc341-ds11-111_firmware

contec cps-mc341-ds2-911_firmware

contec cps-mc341-a1-111_firmware

contec cps-mcs341-ds1-111_firmware

contec cps-mcs341-ds1-131_firmware

contec cps-mcs341g-ds1-130_firmware

contec cps-mcs341g5-ds1-130_firmware

contec cps-mcs341q-ds1-131_firmware

Github Repositories

https://github.com/Sylon001/Sylon001

Config files for my GitHub profile.

πŸ‘‹ Hi, I’m Hefei πŸ˜„ πŸ“« Hefeicoffee@aliyuncom Welcome, You are my visitor, Thank You!πŸŽ‰πŸŽ‰ NVS365 Camera CVE-2022-47070/CVE-2022-47071 Contec_Japan CVE-2023-27389/CVE-2023-27917 Contec_Menu Contec_SolarView

https://github.com/Sylon001/contec_japan

Contec Japan Co.,

Updated December 15, 2022 contec_japan Contec Japan Co Vulnerability reproduction CVE application in progress Table of contents 1 Firmware Password Collision 2 command execution vulnerability 3 Authentication Bypass Vulnerability Vulnerability audit pass date: 2023315 1 Firmware Password Collision(CVE-2023-27389) 2 command execution vulnerability(CVE-2023-27917) 3 Auth

References

CWE-326https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdfhttps://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmwarehttps://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmwarehttps://jvn.jp/en/vu/JVNVU96198617/https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmwarehttps://nvd.nist.govhttps://github.com/Sylon001/Sylon001
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook