Published: 2023/03/17 Last Updated: 2023/04/11
JVNVU#96198617
Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products
Overview
CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities.
Products Affected
- M2M Gateway with firmware Ver.3.7.10 and earlier versions (5 models)
  - CPS-MG341-ADSC1-111
  - CPS-MG341-ADSC1-931
  - CPS-MG341G-ADSC1-111
  - CPS-MG341G-ADSC1-930
  - CPS-MG341G5-ADSC1-931
- M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (9 models)
  - CPS-MC341-ADSC1-111
  - CPS-MC341-ADSC1-931
  - CPS-MC341-ADSC2-111
  - CPS-MC341G-ADSC1-110
  - CPS-MC341Q-ADSC1-111
  - CPS-MC341-DS1-111
  - CPS-MC341-DS11-111
  - CPS-MC341-DS2-911
  - CPS-MC341-A1-111
- M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (5 models)
  - CPS-MCS341-DS1-111
  - CPS-MCS341-DS1-131
  - CPS-MCS341G-DS1-130
  - CPS-MCS341G5-DS1-130
  - CPS-MCS341Q-DS1-131
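To triage a device inventory against the affected models and firmware versions listed above, the following added example (not part of the advisory or vendor tooling) compares versions numerically, since a plain string comparison would wrongly rank 3.7.10 below 3.7.6. The inventory entries, host names and the `triage` and `parse_version` helpers are constructed for illustration.

```python
import re

# Highest affected firmware version and model list per family, from the advisory.
AFFECTED = {
    "M2M Gateway": ((3, 7, 10), {
        "CPS-MG341-ADSC1-111", "CPS-MG341-ADSC1-931", "CPS-MG341G-ADSC1-111",
        "CPS-MG341G-ADSC1-930", "CPS-MG341G5-ADSC1-931"}),
    "M2M Controller Integrated Type": ((3, 7, 6), {
        "CPS-MC341-ADSC1-111", "CPS-MC341-ADSC1-931", "CPS-MC341-ADSC2-111",
        "CPS-MC341G-ADSC1-110", "CPS-MC341Q-ADSC1-111", "CPS-MC341-DS1-111",
        "CPS-MC341-DS11-111", "CPS-MC341-DS2-911", "CPS-MC341-A1-111"}),
    "M2M Controller Configurable Type": ((3, 8, 8), {
        "CPS-MCS341-DS1-111", "CPS-MCS341-DS1-131", "CPS-MCS341G-DS1-130",
        "CPS-MCS341G5-DS1-130", "CPS-MCS341Q-DS1-131"}),
}

def parse_version(text):
    """Turn 'Ver.3.7.10' or '3.7.10' into (3, 7, 10); None if unparseable."""
    m = re.fullmatch(r"\s*(?:[Vv]er\.?\s*)?(\d+(?:\.\d+)*)\s*", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def _pad(version, width):
    """Right-pad with zeros so that 3.8 compares as 3.8.0."""
    return version + (0,) * (width - len(version))

def triage(model, firmware):
    """Classify one device against the advisory's affected ranges."""
    for max_affected, models in AFFECTED.values():
        if model.strip().upper() in models:
            version = parse_version(firmware)
            if version is None:
                return "unknown version"  # needs manual check on the device
            width = max(len(version), len(max_affected))
            affected = _pad(version, width) <= _pad(max_affected, width)
            return "affected" if affected else "outside affected range"
    return "not listed"

# Constructed sample inventory: (host, model, reported firmware string).
INVENTORY = [
    ("gw-01", "CPS-MG341-ADSC1-111", "Ver.3.7.10"),
    ("gw-02", "CPS-MG341G-ADSC1-930", "3.7.11"),
    ("ctl-01", "CPS-MC341-DS1-111", "3.7.10"),  # string compare would misrank this
    ("ctl-02", "CPS-MCS341-DS1-131", "3.8"),
    ("ctl-03", "CPS-MCS341Q-DS1-131", "unknown"),
    ("plc-09", "OTHER-MODEL-1", "1.0"),
]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        print(f"{host:8} {model:24} {fw:12} {triage(model, fw)}")
```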
Description
CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below.
- OS Command Injection (CWE-78) - CVE-2023-27917
  The Network Maintenance page validates input values improperly, resulting in OS command injection.
  CVSS v3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
- Inadequate Encryption Strength (CWE-326) - CVE-2023-27389
  The firmware update file contains an encrypted firmware image, which can be decrypted by examining the bundled install script and a little more work.
  CVSS v3 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.6
- Improper Access Control (CWE-284) - CVE-2023-23575
  The Network Maintenance page should be available only to administrative users, but the device fails to restrict access.
  CVSS v3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
Impact
- A user who can access the Network Maintenance page may execute an arbitrary OS command with root privilege - CVE-2023-27917
- An authenticated user may apply a specially crafted firmware update file to alter information, cause a denial-of-service (DoS), or execute arbitrary code - CVE-2023-27389
- A non-privileged user may access the Network Maintenance page to obtain the network information of the product - CVE-2023-23575
Solution
Update the Software
Update the firmware to the latest version according to the information provided by the developer.
Apply the workaround
Applying the following workarounds may mitigate the impacts of the vulnerabilities.
- Place the product behind a firewall
- Allow access to the product only from the trusted network
- Change the credential information from the initial configuration
- Change credentials regularly
Credit
peishilong reported CVE-2023-27917 and CVE-2023-27389 to JPCERT/CC.
Contec CO.,LTD. examined peishilong's report and found CVE-2023-23575.
Other Information
CVE: CVE-2023-27917, CVE-2023-27389, CVE-2023-23575
Update History
- 2023/04/11
- Fixed the typo under the section [Products Affected].