All the vulnerabilites related to Contec - CPS-MG341G-ADSC1-930
cve-2023-27389
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2024-08-02 12:09
Severity ?
EPSS score ?
Summary
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Contec CO.,LTD. | CONPROSYS IoT Gateway products |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96198617/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CONPROSYS IoT Gateway products",
"vendor": "Contec CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inadequate encryption strength",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96198617/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27389",
"datePublished": "2023-04-11T00:00:00",
"dateReserved": "2023-03-14T00:00:00",
"dateUpdated": "2024-08-02T12:09:43.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23575
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Contec CO.,LTD. | CONPROSYS IoT Gateway products |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:32.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96198617/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CONPROSYS IoT Gateway products",
"vendor": "Contec CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96198617/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-23575",
"datePublished": "2023-04-11T00:00:00",
"dateReserved": "2023-03-14T00:00:00",
"dateUpdated": "2024-08-02T10:35:32.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-27917
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Contec CO.,LTD. | CONPROSYS IoT Gateway products |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96198617/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CONPROSYS IoT Gateway products",
"vendor": "Contec CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
},
{
"url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96198617/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27917",
"datePublished": "2023-04-11T00:00:00",
"dateReserved": "2023-03-14T00:00:00",
"dateUpdated": "2024-08-02T12:23:30.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2023-001320
Vulnerability from jvndb
Published
2023-03-22 13:41
Modified
2024-06-04 17:00
Severity ?
Summary
Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products
Details
CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2023-27917
Network Maintenance page validates input values improperly, resulting in OS command injection.
* Inadequate Encryption Strength (CWE-326) - CVE-2023-27389
Firmware update file contains a firmware image encrypted, which can be decrypted by examining the bundled install script and a little more work.
* Improper Access Control (CWE-284) - CVE-2023-23575
Network Maintenance page should be available only to administrative users, but the device fails to restrict access.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/vu/JVNVU96198617/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-27917 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-27389 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-23575 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-23575 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27389 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27917 | |
| Improper Access Control(CWE-284) | https://cwe.mitre.org/data/definitions/284.html | |
| Inadequate Encryption Strength(CWE-326) | https://cwe.mitre.org/data/definitions/326.html | |
| OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001320.html",
"dc:date": "2024-06-04T17:00+09:00",
"dcterms:issued": "2023-03-22T13:41+09:00",
"dcterms:modified": "2024-06-04T17:00+09:00",
"description": "CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n* OS Command Injection (CWE-78) - CVE-2023-27917\r\nNetwork Maintenance page validates input values improperly, resulting in OS command injection.\r\n* Inadequate Encryption Strength (CWE-326) - CVE-2023-27389\r\nFirmware update file contains a firmware image encrypted, which can be decrypted by examining the bundled install script and a little more work.\r\n* Improper Access Control (CWE-284) - CVE-2023-23575\r\nNetwork Maintenance page should be available only to administrative users, but the device fails to restrict access.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001320.html",
"sec:cpe": [
{
"#text": "cpe:/o:contec:cps-mc341-a1-111_firmware",
"@product": "CPS-MC341-A1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-adsc1-111_firmware",
"@product": "CPS-MC341-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-adsc1-931_firmware",
"@product": "CPS-MC341-ADSC1-931",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-adsc2-111_firmware",
"@product": "CPS-MC341-ADSC2-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-ds1-111_firmware",
"@product": "CPS-MC341-DS1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-ds11-111_firmware",
"@product": "CPS-MC341-DS11-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341-ds2-911_firmware",
"@product": "CPS-MC341-DS2-911",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341g-adsc1-110_firmwar",
"@product": "CPS-MC341G-ADSC1-110",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mc341q-adsc1-111_firmware",
"@product": "CPS-MC341Q-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341-ds1-111_firmware",
"@product": "CPS-MCS341-DS1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341-ds1-131_firmware",
"@product": "CPS-MCS341-DS1-131",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341g-ds1-130_firmware",
"@product": "CPS-MCS341G-DS1-130",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341g5-ds1-130_firmware",
"@product": "CPS-MCS341G5-DS1-130",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mcs341q-ds1-131_firmware",
"@product": "CPS-MCS341Q-DS1-131",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341-adsc1-111_firmware",
"@product": "CPS-MG341-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341-adsc1-931_firmware",
"@product": "CPS-MG341-ADSC1-931",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341g-adsc1-111_firmware",
"@product": "CPS-MG341G-ADSC1-111",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341g-adsc1-930_firmware",
"@product": "CPS-MG341G-ADSC1-930",
"@vendor": "Contec",
"@version": "2.2"
},
{
"#text": "cpe:/o:contec:cps-mg341g5-adsc1-931_firmware",
"@product": "CPS-MG341G5-ADSC1-931",
"@vendor": "Contec",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001320",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU96198617/index.html",
"@id": "JVNVU#96198617",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27917",
"@id": "CVE-2023-27917",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27389",
"@id": "CVE-2023-27389",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-23575",
"@id": "CVE-2023-23575",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23575",
"@id": "CVE-2023-23575",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27389",
"@id": "CVE-2023-27389",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27917",
"@id": "CVE-2023-27917",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/326.html",
"@id": "CWE-326",
"@title": "Inadequate Encryption Strength(CWE-326)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products"
}