CVE-2023-27917

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-03-14 CVE Reserved
2023-04-11 CVE Published
2025-02-10 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (5)

URL	Tag	Source
https://jvn.jp/en/vu/JVNVU96198617	Third Party Advisory
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware	Product
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware	Product
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware	Product

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf	2023-04-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Contec Search vendor "Contec"	Cps-mg341-adsc1-111 Firmware Search vendor "Contec" for product "Cps-mg341-adsc1-111 Firmware"	<= 3.7.10 Search vendor "Contec" for product "Cps-mg341-adsc1-111 Firmware" and version " <= 3.7.10"	-	Affected	in	Contec Search vendor "Contec"	Cps-mg341-adsc1-111 Search vendor "Contec" for product "Cps-mg341-adsc1-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mg341-adsc1-931 Firmware Search vendor "Contec" for product "Cps-mg341-adsc1-931 Firmware"	<= 3.7.10 Search vendor "Contec" for product "Cps-mg341-adsc1-931 Firmware" and version " <= 3.7.10"	-	Affected	in	Contec Search vendor "Contec"	Cps-mg341-adsc1-931 Search vendor "Contec" for product "Cps-mg341-adsc1-931"	-	-	Safe
Contec Search vendor "Contec"	Cps-mg341g-adsc1-111 Firmware Search vendor "Contec" for product "Cps-mg341g-adsc1-111 Firmware"	<= 3.7.10 Search vendor "Contec" for product "Cps-mg341g-adsc1-111 Firmware" and version " <= 3.7.10"	-	Affected	in	Contec Search vendor "Contec"	Cps-mg341g-adsc1-111 Search vendor "Contec" for product "Cps-mg341g-adsc1-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mg341g-adsc1-930 Firmware Search vendor "Contec" for product "Cps-mg341g-adsc1-930 Firmware"	<= 3.7.10 Search vendor "Contec" for product "Cps-mg341g-adsc1-930 Firmware" and version " <= 3.7.10"	-	Affected	in	Contec Search vendor "Contec"	Cps-mg341g-adsc1-930 Search vendor "Contec" for product "Cps-mg341g-adsc1-930"	-	-	Safe
Contec Search vendor "Contec"	Cps-mg341g5-adsc1-931 Firmware Search vendor "Contec" for product "Cps-mg341g5-adsc1-931 Firmware"	<= 3.7.10 Search vendor "Contec" for product "Cps-mg341g5-adsc1-931 Firmware" and version " <= 3.7.10"	-	Affected	in	Contec Search vendor "Contec"	Cps-mg341g5-adsc1-931 Search vendor "Contec" for product "Cps-mg341g5-adsc1-931"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341-adsc1-111 Firmware Search vendor "Contec" for product "Cps-mc341-adsc1-111 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341-adsc1-111 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341-adsc1-111 Search vendor "Contec" for product "Cps-mc341-adsc1-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341-adsc1-931 Firmware Search vendor "Contec" for product "Cps-mc341-adsc1-931 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341-adsc1-931 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341-adsc1-931 Search vendor "Contec" for product "Cps-mc341-adsc1-931"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341-adsc2-111 Firmware Search vendor "Contec" for product "Cps-mc341-adsc2-111 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341-adsc2-111 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341-adsc2-111 Search vendor "Contec" for product "Cps-mc341-adsc2-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341g-adsc1-110 Firmware Search vendor "Contec" for product "Cps-mc341g-adsc1-110 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341g-adsc1-110 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341g-adsc1-110 Search vendor "Contec" for product "Cps-mc341g-adsc1-110"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341q-adsc1-111 Firmware Search vendor "Contec" for product "Cps-mc341q-adsc1-111 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341q-adsc1-111 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341q-adsc1-111 Search vendor "Contec" for product "Cps-mc341q-adsc1-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341-ds1-111 Firmware Search vendor "Contec" for product "Cps-mc341-ds1-111 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341-ds1-111 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341-ds1-111 Search vendor "Contec" for product "Cps-mc341-ds1-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341-ds11-111 Firmware Search vendor "Contec" for product "Cps-mc341-ds11-111 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341-ds11-111 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341-ds11-111 Search vendor "Contec" for product "Cps-mc341-ds11-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341-ds2-911 Firmware Search vendor "Contec" for product "Cps-mc341-ds2-911 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341-ds2-911 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341-ds2-911 Search vendor "Contec" for product "Cps-mc341-ds2-911"	-	-	Safe
Contec Search vendor "Contec"	Cps-mc341-a1-111 Firmware Search vendor "Contec" for product "Cps-mc341-a1-111 Firmware"	<= 3.7.6 Search vendor "Contec" for product "Cps-mc341-a1-111 Firmware" and version " <= 3.7.6"	-	Affected	in	Contec Search vendor "Contec"	Cps-mc341-a1-111 Search vendor "Contec" for product "Cps-mc341-a1-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mcs341-ds1-111 Firmware Search vendor "Contec" for product "Cps-mcs341-ds1-111 Firmware"	<= 3.8.8 Search vendor "Contec" for product "Cps-mcs341-ds1-111 Firmware" and version " <= 3.8.8"	-	Affected	in	Contec Search vendor "Contec"	Cps-mcs341-ds1-111 Search vendor "Contec" for product "Cps-mcs341-ds1-111"	-	-	Safe
Contec Search vendor "Contec"	Cps-mcs341-ds1-131 Firmware Search vendor "Contec" for product "Cps-mcs341-ds1-131 Firmware"	<= 3.8.8 Search vendor "Contec" for product "Cps-mcs341-ds1-131 Firmware" and version " <= 3.8.8"	-	Affected	in	Contec Search vendor "Contec"	Cps-mcs341-ds1-131 Search vendor "Contec" for product "Cps-mcs341-ds1-131"	-	-	Safe
Contec Search vendor "Contec"	Cps-mcs341g-ds1-130 Firmware Search vendor "Contec" for product "Cps-mcs341g-ds1-130 Firmware"	<= 3.8.8 Search vendor "Contec" for product "Cps-mcs341g-ds1-130 Firmware" and version " <= 3.8.8"	-	Affected	in	Contec Search vendor "Contec"	Cps-mcs341g-ds1-130 Search vendor "Contec" for product "Cps-mcs341g-ds1-130"	-	-	Safe
Contec Search vendor "Contec"	Cps-mcs341g5-ds1-130 Firmware Search vendor "Contec" for product "Cps-mcs341g5-ds1-130 Firmware"	<= 3.8.8 Search vendor "Contec" for product "Cps-mcs341g5-ds1-130 Firmware" and version " <= 3.8.8"	-	Affected	in	Contec Search vendor "Contec"	Cps-mcs341g5-ds1-130 Search vendor "Contec" for product "Cps-mcs341g5-ds1-130"	-	-	Safe
Contec Search vendor "Contec"	Cps-mcs341q-ds1-131 Firmware Search vendor "Contec" for product "Cps-mcs341q-ds1-131 Firmware"	<= 3.8.8 Search vendor "Contec" for product "Cps-mcs341q-ds1-131 Firmware" and version " <= 3.8.8"	-	Affected	in	Contec Search vendor "Contec"	Cps-mcs341q-ds1-131 Search vendor "Contec" for product "Cps-mcs341q-ds1-131"	-	-	Safe