CVSS: 8.3EPSS: 1%CPEs: 38EXPL: 0CVE-2023-27389
https://notcve.org/view.php?id=CVE-2023-27389
11 Apr 2023 — Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-... • https://jvn.jp/en/vu/JVNVU96198617 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2023-23575
https://notcve.org/view.php?id=CVE-2023-23575
11 Apr 2023 — Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware V... • https://jvn.jp/en/vu/JVNVU96198617 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 2%CPEs: 38EXPL: 0CVE-2023-27917
https://notcve.org/view.php?id=CVE-2023-27917
11 Apr 2023 — OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-AD... • https://jvn.jp/en/vu/JVNVU96198617 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •