Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27917

OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Published

2023-04-11T09:15:08.200

Last Modified

2025-02-10T22:15:31.797

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-78
Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	contec	cps-mg341-adsc1-111_firmware	≤ 3.7.10	Yes
Hardware	contec	cps-mg341-adsc1-111	-	No
Operating System	contec	cps-mg341-adsc1-931_firmware	≤ 3.7.10	Yes
Hardware	contec	cps-mg341-adsc1-931	-	No
Operating System	contec	cps-mg341g-adsc1-111_firmware	≤ 3.7.10	Yes
Hardware	contec	cps-mg341g-adsc1-111	-	No
Operating System	contec	cps-mg341g-adsc1-930_firmware	≤ 3.7.10	Yes
Hardware	contec	cps-mg341g-adsc1-930	-	No
Operating System	contec	cps-mg341g5-adsc1-931_firmware	≤ 3.7.10	Yes
Hardware	contec	cps-mg341g5-adsc1-931	-	No
Operating System	contec	cps-mc341-adsc1-111_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341-adsc1-111	-	No
Operating System	contec	cps-mc341-adsc1-931_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341-adsc1-931	-	No
Operating System	contec	cps-mc341-adsc2-111_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341-adsc2-111	-	No
Operating System	contec	cps-mc341g-adsc1-110_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341g-adsc1-110	-	No
Operating System	contec	cps-mc341q-adsc1-111_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341q-adsc1-111	-	No
Operating System	contec	cps-mc341-ds1-111_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341-ds1-111	-	No
Operating System	contec	cps-mc341-ds11-111_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341-ds11-111	-	No
Operating System	contec	cps-mc341-ds2-911_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341-ds2-911	-	No
Operating System	contec	cps-mc341-a1-111_firmware	≤ 3.7.6	Yes
Hardware	contec	cps-mc341-a1-111	-	No
Operating System	contec	cps-mcs341-ds1-111_firmware	≤ 3.8.8	Yes
Hardware	contec	cps-mcs341-ds1-111	-	No
Operating System	contec	cps-mcs341-ds1-131_firmware	≤ 3.8.8	Yes
Hardware	contec	cps-mcs341-ds1-131	-	No
Operating System	contec	cps-mcs341g-ds1-130_firmware	≤ 3.8.8	Yes
Hardware	contec	cps-mcs341g-ds1-130	-	No
Operating System	contec	cps-mcs341g5-ds1-130_firmware	≤ 3.8.8	Yes
Hardware	contec	cps-mcs341g5-ds1-130	-	No
Operating System	contec	cps-mcs341q-ds1-131_firmware	≤ 3.8.8	Yes
Hardware	contec	cps-mcs341q-ds1-131	-	No

References

https://jvn.jp/en/vu/JVNVU96198617/ Third Party Advisory ([email protected])
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf Mitigation, Vendor Advisory ([email protected])
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware Product ([email protected])
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware Product ([email protected])
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware Product ([email protected])
https://jvn.jp/en/vu/JVNVU96198617/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware Product (af854a3a-2127-422b-91ae-364da2661108)