Vulnerability Description
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contec | Cps-Mg341-Adsc1-111 Firmware | <= 3.7.10 |
| Contec | Cps-Mg341-Adsc1-111 | - |
| Contec | Cps-Mg341-Adsc1-931 Firmware | <= 3.7.10 |
| Contec | Cps-Mg341-Adsc1-931 | - |
| Contec | Cps-Mg341G-Adsc1-111 Firmware | <= 3.7.10 |
| Contec | Cps-Mg341G-Adsc1-111 | - |
| Contec | Cps-Mg341G-Adsc1-930 Firmware | <= 3.7.10 |
| Contec | Cps-Mg341G-Adsc1-930 | - |
| Contec | Cps-Mg341G5-Adsc1-931 Firmware | <= 3.7.10 |
| Contec | Cps-Mg341G5-Adsc1-931 | - |
| Contec | Cps-Mc341-Adsc1-111 Firmware | <= 3.7.6 |
| Contec | Cps-Mc341-Adsc1-111 | - |
| Contec | Cps-Mc341-Adsc1-931 Firmware | <= 3.7.6 |
| Contec | Cps-Mc341-Adsc1-931 | - |
| Contec | Cps-Mc341-Adsc2-111 Firmware | <= 3.7.6 |
| Contec | Cps-Mc341-Adsc2-111 | - |
| Contec | Cps-Mc341G-Adsc1-110 Firmware | <= 3.7.6 |
| Contec | Cps-Mc341G-Adsc1-110 | - |
| Contec | Cps-Mc341Q-Adsc1-111 Firmware | <= 3.7.6 |
| Contec | Cps-Mc341Q-Adsc1-111 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU96198617/Third Party Advisory
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/seMitigationVendor Advisory
- https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7Product
- https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-61Product
- https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f5Product
- https://jvn.jp/en/vu/JVNVU96198617/Third Party Advisory
- https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/seMitigationVendor Advisory
- https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7Product
- https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-61Product
- https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f5Product
FAQ
What is CVE-2023-23575?
CVE-2023-23575 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obt...
How severe is CVE-2023-23575?
CVE-2023-23575 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23575?
Check the references section above for vendor advisories and patch information. Affected products include: Contec Cps-Mg341-Adsc1-111 Firmware, Contec Cps-Mg341-Adsc1-111, Contec Cps-Mg341-Adsc1-931 Firmware, Contec Cps-Mg341-Adsc1-931, Contec Cps-Mg341G-Adsc1-111 Firmware.