CVE-2023-27917
CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
An OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access the Network Maintenance page to execute arbitrary OS commands with root privileges. The affected products and versions are as follows: M2M Gateway with firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
Affected (19)
Products: Contec: Cps Mg341 Adsc1 111 Firmware, Cps Mg341 Adsc1 931 Firmware, Cps Mg341g Adsc1 111 Firmware, Cps Mg341g Adsc1 930 Firmware, Cps Mg341g5 Adsc1 931 Firmware, Cps Mc341 Adsc1 111 Firmware, Cps Mc341 Adsc1 931 Firmware, Cps Mc341 Adsc2 111 Firmware, Cps Mc341g Adsc1 110 Firmware, Cps Mc341q Adsc1 111 Firmware, Cps Mc341 Ds1 111 Firmware, Cps Mc341 Ds11 111 Firmware, Cps Mc341 Ds2 911 Firmware, Cps Mc341 A1 111 Firmware, Cps Mcs341 Ds1 111 Firmware, Cps Mcs341 Ds1 131 Firmware, Cps Mcs341g Ds1 130 Firmware, Cps Mcs341g5 Ds1 130 Firmware, Cps Mcs341q Ds1 131 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mg341 Adsc1 111 Firmware | Up to 3.7.10 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mg341 Adsc1 111 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mg341 Adsc1 931 Firmware | Up to 3.7.10 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mg341 Adsc1 931 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mg341g Adsc1 111 Firmware | Up to 3.7.10 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mg341g Adsc1 111 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mg341g Adsc1 930 Firmware | Up to 3.7.10 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mg341g Adsc1 930 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mg341g5 Adsc1 931 Firmware | Up to 3.7.10 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mg341g5 Adsc1 931 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341 Adsc1 111 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341 Adsc1 111 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341 Adsc1 931 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341 Adsc1 931 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341 Adsc2 111 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341 Adsc2 111 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341g Adsc1 110 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341g Adsc1 110 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341q Adsc1 111 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341q Adsc1 111 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341 Ds1 111 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341 Ds1 111 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341 Ds11 111 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341 Ds11 111 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341 Ds2 911 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341 Ds2 911 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mc341 A1 111 Firmware | Up to 3.7.6 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mc341 A1 111 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mcs341 Ds1 111 Firmware | Up to 3.8.8 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mcs341 Ds1 111 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mcs341 Ds1 131 Firmware | Up to 3.8.8 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mcs341 Ds1 131 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mcs341g Ds1 130 Firmware | Up to 3.8.8 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mcs341g Ds1 130 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mcs341g5 Ds1 130 Firmware | Up to 3.8.8 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mcs341g5 Ds1 130 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Contec Cps Mcs341q Ds1 131 Firmware | Up to 3.8.8 |

| Running on/with | Platform Versions |
|---|---|
| Contec Cps Mcs341q Ds1 131 | All versions |