Refine your search
1 vulnerability found for cps-mc341-a1-111 by contec
jvndb-2023-001320
Vulnerability from jvndb
Published
2023-03-22 13:41
Modified
2024-06-04 17:00
Severity ?
Summary
Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products
Details
CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2023-27917
Network Maintenance page validates input values improperly, resulting in OS command injection.
* Inadequate Encryption Strength (CWE-326) - CVE-2023-27389
Firmware update file contains a firmware image encrypted, which can be decrypted by examining the bundled install script and a little more work.
* Improper Access Control (CWE-284) - CVE-2023-23575
Network Maintenance page should be available only to administrative users, but the device fails to restrict access.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001320.html",
"dc:date": "2024-06-04T17:00+09:00",
"dcterms:issued": "2023-03-22T13:41+09:00",
"dcterms:modified": "2024-06-04T17:00+09:00",
"description": "CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n* OS Command Injection (CWE-78) - CVE-2023-27917\r\nNetwork Maintenance page validates input values improperly, resulting in OS command injection.\r\n* Inadequate Encryption Strength (CWE-326) - CVE-2023-27389\r\nFirmware update file contains a firmware image encrypted, which can be decrypted by examining the bundled install script and a little more work.\r\n* Improper Access Control (CWE-284) - CVE-2023-23575\r\nNetwork Maintenance page should be available only to administrative users, but the device fails to restrict access.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001320.html",
"sec:cpe": [
{
"#text": "cpe:/o:contec:cps-mc341-a1-111_firmware",
"@product": "CPS-MC341-A1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-adsc1-111_firmware",
"@product": "CPS-MC341-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-adsc1-931_firmware",
"@product": "CPS-MC341-ADSC1-931",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-adsc2-111_firmware",
"@product": "CPS-MC341-ADSC2-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-ds1-111_firmware",
"@product": "CPS-MC341-DS1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-ds11-111_firmware",
"@product": "CPS-MC341-DS11-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-ds2-911_firmware",
"@product": "CPS-MC341-DS2-911",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341g-adsc1-110_firmwar",
"@product": "CPS-MC341G-ADSC1-110",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341q-adsc1-111_firmware",
"@product": "CPS-MC341Q-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341-ds1-111_firmware",
"@product": "CPS-MCS341-DS1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341-ds1-131_firmware",
"@product": "CPS-MCS341-DS1-131",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341g-ds1-130_firmware",
"@product": "CPS-MCS341G-DS1-130",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341g5-ds1-130_firmware",
"@product": "CPS-MCS341G5-DS1-130",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341q-ds1-131_firmware",
"@product": "CPS-MCS341Q-DS1-131",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341-adsc1-111_firmware",
"@product": "CPS-MG341-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341-adsc1-931_firmware",
"@product": "CPS-MG341-ADSC1-931",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341g-adsc1-111_firmware",
"@product": "CPS-MG341G-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341g-adsc1-930_firmware",
"@product": "CPS-MG341G-ADSC1-930",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341g5-adsc1-931_firmware",
"@product": "CPS-MG341G5-ADSC1-931",
"@vendor": "Contec",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001320",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU96198617/index.html",
"@id": "JVNVU#96198617",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27917",
"@id": "CVE-2023-27917",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27389",
"@id": "CVE-2023-27389",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-23575",
"@id": "CVE-2023-23575",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23575",
"@id": "CVE-2023-23575",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27389",
"@id": "CVE-2023-27389",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27917",
"@id": "CVE-2023-27917",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/326.html",
"@id": "CWE-326",
"@title": "Inadequate Encryption Strength(CWE-326)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products"
}