Login Sign Up

CVE-2023-27389

7.2 HIGH
Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with administrative privileges to upload a specially crafted firmware update file, leading to inadequate encryption strength. This can result in data alteration, denial-of-service (DoS), or arbitrary code execution. Affected users include those using specific M2M Gateway, M2M Controller Integrated Type, and M2M Controller Configurable Type devices with outdated firmware versions.

💻 Affected Systems

Products:
  • M2M Gateway
  • M2M Controller Integrated Type
  • M2M Controller Configurable Type
Versions: M2M Gateway: firmware Ver.3.7.10 and earlier; M2M Controller Integrated Type: firmware Ver.3.7.6 and earlier; M2M Controller Configurable Type: firmware Ver.3.8.8 and earlier
Operating Systems: Embedded firmware specific to CONPROSYS devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific model numbers listed in the CVE description; default configurations with administrative access enabled are vulnerable.

📦 What is this software?

Cps Mc341 A1 111 Firmware by Contec

View all CVEs affecting Cps Mc341 A1 111 Firmware →

Cps Mc341 Adsc1 111 Firmware by Contec

View all CVEs affecting Cps Mc341 Adsc1 111 Firmware →

Cps Mc341 Adsc1 931 Firmware by Contec

View all CVEs affecting Cps Mc341 Adsc1 931 Firmware →

Cps Mc341 Adsc2 111 Firmware by Contec

View all CVEs affecting Cps Mc341 Adsc2 111 Firmware →

Cps Mc341 Ds1 111 Firmware by Contec

View all CVEs affecting Cps Mc341 Ds1 111 Firmware →

Cps Mc341 Ds11 111 Firmware by Contec

View all CVEs affecting Cps Mc341 Ds11 111 Firmware →

Cps Mc341 Ds2 911 Firmware by Contec

View all CVEs affecting Cps Mc341 Ds2 911 Firmware →

Cps Mc341g Adsc1 110 Firmware by Contec

View all CVEs affecting Cps Mc341g Adsc1 110 Firmware →

Cps Mc341q Adsc1 111 Firmware by Contec

View all CVEs affecting Cps Mc341q Adsc1 111 Firmware →

Cps Mcs341 Ds1 111 Firmware by Contec

View all CVEs affecting Cps Mcs341 Ds1 111 Firmware →

Cps Mcs341 Ds1 131 Firmware by Contec

View all CVEs affecting Cps Mcs341 Ds1 131 Firmware →

Cps Mcs341g Ds1 130 Firmware by Contec

View all CVEs affecting Cps Mcs341g Ds1 130 Firmware →

Cps Mcs341g5 Ds1 130 Firmware by Contec

View all CVEs affecting Cps Mcs341g5 Ds1 130 Firmware →

Cps Mcs341q Ds1 131 Firmware by Contec

View all CVEs affecting Cps Mcs341q Ds1 131 Firmware →

Cps Mg341 Adsc1 111 Firmware by Contec

View all CVEs affecting Cps Mg341 Adsc1 111 Firmware →

Cps Mg341 Adsc1 931 Firmware by Contec

View all CVEs affecting Cps Mg341 Adsc1 931 Firmware →

Cps Mg341g Adsc1 111 Firmware by Contec

View all CVEs affecting Cps Mg341g Adsc1 111 Firmware →

Cps Mg341g Adsc1 930 Firmware by Contec

View all CVEs affecting Cps Mg341g Adsc1 930 Firmware →

Cps Mg341g5 Adsc1 931 Firmware by Contec

View all CVEs affecting Cps Mg341g5 Adsc1 931 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could execute arbitrary code with administrative privileges, potentially taking full control of the device, disrupting operations, or using it as a foothold for further network attacks.

🟠

Likely Case

Attackers may cause a denial-of-service condition by corrupting firmware or alter device configurations, leading to operational downtime in industrial or IoT environments.

🟢

If Mitigated

With proper access controls and network segmentation, the impact is limited to isolated device compromise without broader network effects.

🌐 Internet-Facing: HIGH, as these IoT devices are often exposed to the internet for remote management, making them accessible to attackers if administrative credentials are compromised.
🏢 Internal Only: MEDIUM, as internal attackers with administrative access could exploit this, but network segmentation and monitoring can reduce the risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires administrative privileges and knowledge of crafting malicious firmware updates; no public exploits are known as of the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to firmware versions beyond those listed as affected (e.g., above Ver.3.7.10 for M2M Gateway, above Ver.3.7.6 for M2M Controller Integrated Type, above Ver.3.8.8 for M2M Controller Configurable Type)

Vendor Advisory: https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf

Restart Required: Yes

Instructions:

1. Download the latest firmware from the vendor's download page. 2. Follow the vendor's firmware update procedure as documented in the device manual. 3. Restart the device after the update to apply changes.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative access to trusted IP addresses and use strong, unique passwords to reduce the risk of credential compromise.

Configure firewall rules to allow administrative access only from specific IPs (e.g., using iptables on Linux: sudo iptables -A INPUT -p tcp --dport [admin_port] -s [trusted_ip] -j ACCEPT)

Disable Remote Firmware Updates

all

If possible, disable remote firmware update functionality and perform updates only locally or in controlled environments.

Check device settings to disable remote update features via the administrative interface.

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected devices from critical systems and the internet.
  • Enhance monitoring and logging for unauthorized firmware update attempts or administrative access anomalies.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version on the device via its administrative interface or CLI; compare against the affected versions listed in the CVE description.

Check Version:

Use the device-specific command or web interface to display the current firmware version (e.g., via SSH or HTTP request to the device's admin page).

Verify Fix Applied:

After updating, verify the firmware version is above the affected thresholds and test device functionality to ensure no DoS or corruption.

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing firmware update attempts from unauthorized sources or at unusual times
  • Administrative login failures or successes from unexpected IP addresses

Network Indicators:

  • Unusual network traffic to firmware update ports or protocols from external IPs
  • Anomalies in data transmission patterns indicative of code execution

SIEM Query:

Example: 'source="device_logs" AND (event="firmware_update" OR event="admin_login") AND src_ip NOT IN [trusted_ips]'

📊 Metadata

CVE ID: CVE-2023-27389
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-326
Published: April 11, 2023
Last Updated: February 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-27389, you might also want to check these:

CVE-2021-42216 9.8

CVE-2021-42216 is a critical cryptographic vulnerability in AnonAddy email forwarding service that a...

Same vulnerability type (CWE-326)
CVE-2020-14517 9.8

CVE-2020-14517 is a critical vulnerability in CodeMeter's protocol encryption that can be easily bro...

Same vulnerability type (CWE-326)
CVE-2025-7398 9.1

Brocade ASCG versions before 3.3.0 use medium-strength cryptography algorithms on internal ports 900...

Same vulnerability type (CWE-326)