Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Contec
  • Cps-mc341-a1-111
  • Cps-mc341-a1-111 Firmware
  • Cps-mc341-adsc1-111
  • Cps-mc341-adsc1-111 Firmware
  • Cps-mc341-adsc1-931
  • Cps-mc341-adsc1-931 Firmware
  • Cps-mc341-adsc2-111
  • Cps-mc341-adsc2-111 Firmware
  • Cps-mc341-ds1-111
  • Cps-mc341-ds1-111 Firmware
  • Cps-mc341-ds11-111
  • Cps-mc341-ds11-111 Firmware
  • Cps-mc341-ds2-911
  • Cps-mc341-ds2-911 Firmware
  • Cps-mc341g-adsc1-110
  • Cps-mc341g-adsc1-110 Firmware
  • Cps-mc341q-adsc1-111
  • Cps-mc341q-adsc1-111 Firmware
  • Cps-mcs341-ds1-111
  • Cps-mcs341-ds1-111 Firmware
  • Cps-mcs341-ds1-131
  • Cps-mcs341-ds1-131 Firmware
  • Cps-mcs341g-ds1-130
  • Cps-mcs341g-ds1-130 Firmware
  • Cps-mcs341g5-ds1-130
  • Cps-mcs341g5-ds1-130 Firmware
  • Cps-mcs341q-ds1-131
  • Cps-mcs341q-ds1-131 Firmware
  • Cps-mg341-adsc1-111
  • Cps-mg341-adsc1-111 Firmware
  • Cps-mg341-adsc1-931
  • Cps-mg341-adsc1-931 Firmware
  • Cps-mg341g-adsc1-111
  • Cps-mg341g-adsc1-111 Firmware
  • Cps-mg341g-adsc1-930
  • Cps-mg341g-adsc1-930 Firmware
  • Cps-mg341g5-adsc1-931
  • Cps-mg341g5-adsc1-931 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:contec:cps-mg341-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341-adsc1-111:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:contec:cps-mg341-adsc1-931_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341-adsc1-931:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:contec:cps-mg341g-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341g-adsc1-111:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:contec:cps-mg341g-adsc1-930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341g-adsc1-930:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:contec:cps-mg341g5-adsc1-931_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341g5-adsc1-931:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:contec:cps-mc341-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-adsc1-111:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:contec:cps-mc341-adsc1-931_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-adsc1-931:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:contec:cps-mc341-adsc2-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-adsc2-111:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:contec:cps-mc341g-adsc1-110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341g-adsc1-110:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:contec:cps-mc341q-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341q-adsc1-111:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:contec:cps-mc341-ds1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-ds1-111:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:contec:cps-mc341-ds11-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-ds11-111:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:contec:cps-mc341-ds2-911_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-ds2-911:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:contec:cps-mc341-a1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-a1-111:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:contec:cps-mcs341-ds1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341-ds1-111:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:contec:cps-mcs341-ds1-131_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341-ds1-131:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:contec:cps-mcs341g-ds1-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341g-ds1-130:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:contec:cps-mcs341g5-ds1-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341g5-ds1-130:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:contec:cps-mcs341q-ds1-131_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341q-ds1-131:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://jvn.jp/en/vu/JVNVU96198617/ cve-icon cve-icon
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf cve-icon cve-icon
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware cve-icon cve-icon
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware cve-icon cve-icon
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-04-11T00:00:00

Updated: 2024-08-02T10:35:32.911Z

Reserved: 2023-03-14T00:00:00

Link: CVE-2023-23575

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-11T09:15:07.753

Modified: 2024-11-21T07:46:27.547

Link: CVE-2023-23575

cve-icon Redhat

No data.