CVE-2023-23575

Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU96198617/	Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf	Mitigation Vendor Advisory
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware	Product
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware	Product
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:contec:cps-mg341-adsc1-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mg341-adsc1-111:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:contec:cps-mg341-adsc1-931_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mg341-adsc1-931:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:contec:cps-mg341g-adsc1-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mg341g-adsc1-111:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:contec:cps-mg341g-adsc1-930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mg341g-adsc1-930:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:contec:cps-mg341g5-adsc1-931_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mg341g5-adsc1-931:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:contec:cps-mc341-adsc1-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341-adsc1-111:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:contec:cps-mc341-adsc1-931_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341-adsc1-931:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:contec:cps-mc341-adsc2-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341-adsc2-111:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:contec:cps-mc341g-adsc1-110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341g-adsc1-110:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:contec:cps-mc341q-adsc1-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341q-adsc1-111:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:contec:cps-mc341-ds1-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341-ds1-111:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:contec:cps-mc341-ds11-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341-ds11-111:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:contec:cps-mc341-ds2-911_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341-ds2-911:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:contec:cps-mc341-a1-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mc341-a1-111:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:contec:cps-mcs341-ds1-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mcs341-ds1-111:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:contec:cps-mcs341-ds1-131_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mcs341-ds1-131:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:contec:cps-mcs341g-ds1-130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mcs341g-ds1-130:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:contec:cps-mcs341g5-ds1-130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mcs341g5-ds1-130:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:contec:cps-mcs341q-ds1-131_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:contec:cps-mcs341q-ds1-131:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-11 09:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-23575

Mitre link : CVE-2023-23575

CVE.ORG link : CVE-2023-23575

JSON object : View

Products Affected

contec

cps-mg341g-adsc1-111
cps-mcs341g5-ds1-130
cps-mc341-ds11-111_firmware
cps-mc341-ds2-911_firmware
cps-mc341g-adsc1-110_firmware
cps-mc341-adsc2-111
cps-mc341-adsc1-931_firmware
cps-mg341g-adsc1-930
cps-mcs341q-ds1-131
cps-mc341-a1-111_firmware
cps-mc341-ds2-911
cps-mg341-adsc1-111_firmware
cps-mg341-adsc1-931_firmware
cps-mcs341-ds1-111_firmware
cps-mg341-adsc1-111
cps-mc341-a1-111
cps-mg341g-adsc1-930_firmware
cps-mcs341g5-ds1-130_firmware
cps-mc341-adsc1-931
cps-mg341g-adsc1-111_firmware
cps-mg341g5-adsc1-931_firmware
cps-mcs341g-ds1-130
cps-mcs341-ds1-111
cps-mc341-adsc1-111_firmware
cps-mcs341-ds1-131_firmware
cps-mc341-ds1-111_firmware
cps-mg341g5-adsc1-931
cps-mcs341g-ds1-130_firmware
cps-mc341g-adsc1-110
cps-mc341q-adsc1-111
cps-mc341-adsc2-111_firmware
cps-mc341-adsc1-111
cps-mcs341q-ds1-131_firmware
cps-mg341-adsc1-931
cps-mc341q-adsc1-111_firmware
cps-mc341-ds1-111
cps-mc341-ds11-111
cps-mcs341-ds1-131

CWE

NVD-CWE-noinfo

4.3 /10