Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Contec
  • Cps-mc341q-adsc1-111
  • Cps-mc341-adsc1-111
  • Cps-mg341g5-adsc1-931 Firmware
  • Cps-mc341-ds2-911
  • Cps-mcs341-ds1-111 Firmware
  • Cps-mg341g5-adsc1-931
  • Cps-mc341-adsc1-931 Firmware
  • Cps-mc341-ds1-111
  • Cps-mcs341g-ds1-130 Firmware
  • Cps-mg341-adsc1-111
  • Cps-mcs341q-ds1-131
  • Cps-mc341q-adsc1-111 Firmware
  • Cps-mg341-adsc1-111 Firmware
  • Cps-mc341g-adsc1-110 Firmware
  • Cps-mg341g-adsc1-930 Firmware
  • Cps-mg341-adsc1-931 Firmware
  • Cps-mc341-adsc2-111
  • Cps-mc341-ds11-111
  • Cps-mcs341g-ds1-130
  • Cps-mcs341q-ds1-131 Firmware
  • Cps-mc341-adsc1-931
  • Cps-mc341g-adsc1-110
  • Cps-mc341-ds2-911 Firmware
  • Cps-mc341-a1-111 Firmware
  • Cps-mc341-ds1-111 Firmware
  • Cps-mc341-ds11-111 Firmware
  • Cps-mg341g-adsc1-111
  • Cps-mcs341-ds1-111
  • Cps-mcs341-ds1-131
  • Cps-mc341-adsc1-111 Firmware
  • Cps-mg341-adsc1-931
  • Cps-mc341-a1-111
  • Cps-mc341-adsc2-111 Firmware
  • Cps-mg341g-adsc1-111 Firmware
  • Cps-mcs341-ds1-131 Firmware
  • Cps-mcs341g5-ds1-130 Firmware
  • Cps-mg341g-adsc1-930
  • Cps-mcs341g5-ds1-130

Configuration 1 [-]

AND
cpe:2.3:o:contec:cps-mg341-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341-adsc1-111:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:contec:cps-mg341-adsc1-931_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341-adsc1-931:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:contec:cps-mg341g-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341g-adsc1-111:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:contec:cps-mg341g-adsc1-930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341g-adsc1-930:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:contec:cps-mg341g5-adsc1-931_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mg341g5-adsc1-931:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:contec:cps-mc341-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-adsc1-111:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:contec:cps-mc341-adsc1-931_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-adsc1-931:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:contec:cps-mc341-adsc2-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-adsc2-111:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:contec:cps-mc341g-adsc1-110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341g-adsc1-110:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:contec:cps-mc341q-adsc1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341q-adsc1-111:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:contec:cps-mc341-ds1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-ds1-111:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:contec:cps-mc341-ds11-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-ds11-111:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:contec:cps-mc341-ds2-911_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-ds2-911:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:contec:cps-mc341-a1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mc341-a1-111:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:contec:cps-mcs341-ds1-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341-ds1-111:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:contec:cps-mcs341-ds1-131_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341-ds1-131:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:contec:cps-mcs341g-ds1-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341g-ds1-130:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:contec:cps-mcs341g5-ds1-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341g5-ds1-130:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:contec:cps-mcs341q-ds1-131_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:contec:cps-mcs341q-ds1-131:-:*:*:*:*:*:*:*
References
Link Resource
https://jvn.jp/en/vu/JVNVU96198617/ Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf Mitigation Vendor Advisory
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware Product
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware Product
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware Product
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2023-04-11T00:00:00

Updated: 2023-04-11T00:00:00

Reserved: 2023-03-14T00:00:00

Link: CVE-2023-23575

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-04-11T09:15:07.753

Modified: 2023-04-18T19:36:02.697

Link: CVE-2023-23575

JSON object: View

cve-icon Redhat Information

No data.

CWE