CVE-2023-27389

🗓️ 11 Apr 2023 00:00:00Reported by jpcertType

Inadequate encryption strength vuln. in CONPROSYS IoT Gateway allows remote attackers to apply crafted Firmware update file, alter info, cause DoS, and execute arbitrary code

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-27389	14 Feb 202510:00	–	circl
CNNVD	Contec CONPROSYS IoT Gateway 加密问题漏洞	17 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-27389	11 Apr 202300:00	–	cvelist
EUVD	EUVD-2023-31165	3 Oct 202520:07	–	euvd
Japan Vulnerability Notes	Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products	22 Mar 202304:41	–	jvn
NVD	CVE-2023-27389	11 Apr 202309:15	–	nvd
Prion	Design/Logic Flaw	11 Apr 202309:15	–	prion
Positive Technologies	PT-2023-21091 · Conprosys · Conprosys Iot Gateway +3	11 Apr 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-27389	23 May 202502:25	–	redhatcve
Vulnrichment	CVE-2023-27389	11 Apr 202300:00	–	vulnrichment

NVD

Node

contec cps-mg341-adsc1-111_firmwareRange≤3.7.10

AND

contec cps-mg341-adsc1-111Match-

Node

contec cps-mg341-adsc1-931_firmwareRange≤3.7.10

AND

contec cps-mg341-adsc1-931Match-

Node

contec cps-mg341g-adsc1-111_firmwareRange≤3.7.10

AND

contec cps-mg341g-adsc1-111Match-

Node

contec cps-mg341g-adsc1-930_firmwareRange≤3.7.10

AND

contec cps-mg341g-adsc1-930Match-

Node

contec cps-mg341g5-adsc1-931_firmwareRange≤3.7.10

AND

contec cps-mg341g5-adsc1-931Match-

Node

contec cps-mc341-adsc1-111_firmwareRange≤3.7.6

AND

contec cps-mc341-adsc1-111Match-

Node

contec cps-mc341-adsc1-931_firmwareRange≤3.7.6

AND

contec cps-mc341-adsc1-931Match-

Node

contec cps-mc341-adsc2-111_firmwareRange≤3.7.6

AND

contec cps-mc341-adsc2-111Match-

Node

contec cps-mc341g-adsc1-110_firmwareRange≤3.7.6

AND

contec cps-mc341g-adsc1-110Match-

Node

contec cps-mc341q-adsc1-111_firmwareRange≤3.7.6

AND

contec cps-mc341q-adsc1-111Match-

Node

contec cps-mc341-ds1-111_firmwareRange≤3.7.6

AND

contec cps-mc341-ds1-111Match-

Node

contec cps-mc341-ds11-111_firmwareRange≤3.7.6

AND

contec cps-mc341-ds11-111Match-

Node

contec cps-mc341-ds2-911_firmwareRange≤3.7.6

AND

contec cps-mc341-ds2-911Match-

Node

contec cps-mc341-a1-111_firmwareRange≤3.7.6

AND

contec cps-mc341-a1-111Match-

Node

contec cps-mcs341-ds1-111_firmwareRange≤3.8.8

AND

contec cps-mcs341-ds1-111Match-

Node

contec cps-mcs341-ds1-131_firmwareRange≤3.8.8

AND

contec cps-mcs341-ds1-131Match-

Node

contec cps-mcs341g-ds1-130_firmwareRange≤3.8.8

AND

contec cps-mcs341g-ds1-130Match-

Node

contec cps-mcs341g5-ds1-130_firmwareRange≤3.8.8

AND

contec cps-mcs341g5-ds1-130Match-

Node

contec cps-mcs341q-ds1-131_firmwareRange≤3.8.8

AND

contec cps-mcs341q-ds1-131Match-

[
  {
    "vendor": "Contec CO.,LTD.",
    "product": "CONPROSYS IoT Gateway products",
    "versions": [
      {
        "version": "M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)",
        "status": "affected"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/en/vu/JVNVU96198617/
contec	www.contec.com/download/donwload-list/
contec	www.contec.com/download/donwload-list/
contec	www.contec.com/download/donwload-list/
contec	www.contec.com/api/downloadlogger

10 Feb 2025 22:15Current

7High risk

Vulners AI Score7

CVSS 3.17.2

EPSS0.00845

SSVC

CWE-326