Inadequate Encryption Vulnerability in CONPROSYS IoT Gateway Products
CVE-2023-27389
What is CVE-2023-27389?
The inadequacy in encryption strength within CONPROSYS IoT Gateway products poses significant security risks. A remote authenticated attacker with administrative privileges can exploit this vulnerability by deploying a specially crafted firmware update file. This could lead to unauthorized changes in system information, allowing for denial-of-service (DoS) conditions or arbitrary code execution. Users of affected models should update their firmware to the latest versions to mitigate these risks.
Affected Version(s)
CONPROSYS IoT Gateway products M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)