Improper Access Control in CONPROSYS IoT Gateway Products by Contec
CVE-2023-23575
What is CVE-2023-23575?
A vulnerability in the CONPROSYS IoT Gateway products from Contec allows remote authenticated attackers to bypass access restrictions, gaining unauthorized access to the Network Maintenance page. This breach could potentially expose sensitive network information, significantly compromising the integrity and security of affected devices. Users of the M2M Gateway and Controller Integrated and Configurable types should review their firmware versions and take appropriate actions to secure their systems against this vulnerability.
Affected Version(s)
CONPROSYS IoT Gateway products M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)