[Japanese]

JVNDB-2023-001320

Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products

Overview

CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below.

* OS Command Injection (CWE-78) - CVE-2023-27917
Network Maintenance page validates input values improperly, resulting in OS command injection.
* Inadequate Encryption Strength (CWE-326) - CVE-2023-27389
Firmware update file contains a firmware image encrypted, which can be decrypted by examining the bundled install script and a little more work.
* Improper Access Control (CWE-284) - CVE-2023-23575
Network Maintenance page should be available only to administrative users, but the device fails to restrict access.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-27917

CVSS V3 Severity:
Base Metrics:6.6 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-27389

CVSS V3 Severity:
"Base Metrics:4.3 (Medium) [Other]"
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact:
The above CVSS base scores have been assigned for CVE-2023-23575
Affected Products


Contec
  • CPS-MC341-A1-111 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341-ADSC1-111 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341-ADSC1-931 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341-ADSC2-111 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341-DS1-111 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341-DS11-111 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341-DS2-911 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341G-ADSC1-110 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MC341Q-ADSC1-111 Ver.3.7.6 and earlier versions - M2M Controller Integrated Type with firmware (9 models)
  • CPS-MCS341-DS1-111 Ver.3.8.8 and earlier versions - M2M Controller Configurable Type with firmware (5 models)
  • CPS-MCS341-DS1-131 Ver.3.8.8 and earlier versions - M2M Controller Configurable Type with firmware (5 models)
  • CPS-MCS341G-DS1-130 Ver.3.8.8 and earlier versions - M2M Controller Configurable Type with firmware (5 models)
  • CPS-MCS341G5-DS1-130 Ver.3.8.8 and earlier versions - M2M Controller Configurable Type with firmware (5 models)
  • CPS-MCS341Q-DS1-131 Ver.3.8.8 and earlier versions - M2M Controller Configurable Type with firmware (5 models)
  • CPS-MG341-ADSC1-111 Ver.3.7.10 and earlier versions - M2M Gateway with firmware (5 models)
  • CPS-MG341-ADSC1-931 Ver.3.7.10 and earlier versions - M2M Gateway with firmware (5 models)
  • CPS-MG341G-ADSC1-111 Ver.3.7.10 and earlier versions - M2M Gateway with firmware (5 models)
  • CPS-MG341G-ADSC1-930 Ver.3.7.10 and earlier versions - M2M Gateway with firmware (5 models)
  • CPS-MG341G5-ADSC1-931 Ver.3.7.10 and earlier versions - M2M Gateway with firmware (5 models)

Impact

* A user who can access Network Maintenance page may execute an arbitrary OS command with root privilege - CVE-2023-27917
* An authenticated user may apply a specially crafted Firmware update file, to alter the information, cause a denial-of-service (DoS), execute arbitrary code - CVE-2023-27389
* A non-privileged user may access Network Maintenance page to obtain the network information of the product - CVE-2023-23575
Solution

[Update the Software]
Update the firmware to the latest version according to the information provided by the developer.

[Apply the workaround]
Applying the following workarounds may mitigate the impacts of the vulnerabilities.

Place the product behind a firewall
Restrict access to the product only from the trusted network
Change the credential information from the initial configuration
Change credentials regularly
Vendor Information

Contec
CWE (What is CWE?)

  1. Improper Access Control(CWE-284) [Other]
  2. Inadequate Encryption Strength(CWE-326) [Other]
  3. OS Command Injection(CWE-78) [Other]
CVE (What is CVE?)

  1. CVE-2023-27917
  2. CVE-2023-27389
  3. CVE-2023-23575
References

  1. JVN : JVNVU#96198617
  2. National Vulnerability Database (NVD) : CVE-2023-23575
  3. National Vulnerability Database (NVD) : CVE-2023-27389
  4. National Vulnerability Database (NVD) : CVE-2023-27917
Revision History

  • [2023/03/22]
      Web page was published
  • [2024/06/04]
      References : Contents were added

Date Public2023/03/17
Date First Published2023/03/22
Date Last Updated2024/06/04