CVE-2023-27917

Q: What is the severity of CVE-2023-27917?

CVE-2023-27917 has a CVSS score of 8.8 (HIGH). This CVE describes an OS command injection vulnerability in CONPROSYS IoT Gateway products that allows remote authenticated attackers with access to the Network Maintenance page to execute arbitrary operating system commands with root privileges. The vulnerability affects multiple M2M Gateway and Controller products with specific firmware versions. Attackers can gain complete control over affected devices.

8.8 HIGH

Remote Code Execution

📋 TL;DR

This CVE describes an OS command injection vulnerability in CONPROSYS IoT Gateway products that allows remote authenticated attackers with access to the Network Maintenance page to execute arbitrary operating system commands with root privileges. The vulnerability affects multiple M2M Gateway and Controller products with specific firmware versions. Attackers can gain complete control over affected devices.

💻 Affected Systems

Products:

CONPROSYS M2M Gateway
CONPROSYS M2M Controller Integrated Type
CONPROSYS M2M Controller Configurable Type

Versions: M2M Gateway: firmware Ver.3.7.10 and earlier; M2M Controller Integrated Type: firmware Ver.3.7.6 and earlier; M2M Controller Configurable Type: firmware Ver.3.8.8 and earlier

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the Network Maintenance page. Specific model numbers listed in CVE description are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, exfiltrate sensitive data, or use devices as part of botnets for DDoS attacks or cryptocurrency mining.

🟠

Likely Case

Attackers gain root access to affected devices, enabling them to modify configurations, disrupt operations, steal credentials, or use devices as footholds for lateral movement within the network.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the affected device only, preventing lateral movement to other systems.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once authentication is achieved. The vulnerability is in the Network Maintenance functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: M2M Gateway: firmware newer than Ver.3.7.10; M2M Controller Integrated Type: firmware newer than Ver.3.7.6; M2M Controller Configurable Type: firmware newer than Ver.3.8.8

Vendor Advisory: https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf

Restart Required: Yes

Instructions:

1. Download appropriate firmware from Contec download portal. 2. Backup current configuration. 3. Upload and apply firmware update through device web interface. 4. Reboot device. 5. Verify firmware version is updated.

🔧 Temporary Workarounds

Restrict Network Maintenance Page Access

all

Limit access to the Network Maintenance page using network access controls or web application firewalls

Network Segmentation

all

Isolate affected devices in separate network segments with strict firewall rules

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices from critical systems
Enforce strong authentication and limit user access to only necessary personnel

🔍 How to Verify

Check if Vulnerable:

Check device firmware version through web interface or SSH. If version matches affected ranges, device is vulnerable.

Check Version:

Check via web interface: System Information page or via SSH: cat /proc/version or check firmware version in device settings

Verify Fix Applied:

Verify firmware version is updated beyond affected versions: M2M Gateway > 3.7.10, M2M Controller Integrated Type > 3.7.6, M2M Controller Configurable Type > 3.8.8

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns
Multiple failed authentication attempts followed by successful login
Unexpected system configuration changes
Suspicious processes running with root privileges

Network Indicators:

Unusual outbound connections from IoT devices
Traffic to unexpected destinations
Protocol anomalies in device communications

SIEM Query:

source="iot-gateway" AND (event_type="command_execution" OR user="root" AND action="config_change")

📊 Metadata

CVE ID: CVE-2023-27917

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: April 11, 2023

Last Updated: February 10, 2025

🔗 References

https://jvn.jp/en/vu/JVNVU96198617/ Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf Mitigation,Vendor Advisory
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware Product
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware Product
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware Product
https://jvn.jp/en/vu/JVNVU96198617/ Third Party Advisory
https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf Mitigation,Vendor Advisory
https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware Product
https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware Product
https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware Product

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Cps Mc341 A1 111 Firmware by Contec

Cps Mc341 Adsc1 111 Firmware by Contec

Cps Mc341 Adsc1 931 Firmware by Contec

Cps Mc341 Adsc2 111 Firmware by Contec

Cps Mc341 Ds1 111 Firmware by Contec

Cps Mc341 Ds11 111 Firmware by Contec

Cps Mc341 Ds2 911 Firmware by Contec

Cps Mc341g Adsc1 110 Firmware by Contec

Cps Mc341q Adsc1 111 Firmware by Contec

Cps Mcs341 Ds1 111 Firmware by Contec

Cps Mcs341 Ds1 131 Firmware by Contec

Cps Mcs341g Ds1 130 Firmware by Contec

Cps Mcs341g5 Ds1 130 Firmware by Contec

Cps Mcs341q Ds1 131 Firmware by Contec

Cps Mg341 Adsc1 111 Firmware by Contec

Cps Mg341 Adsc1 931 Firmware by Contec

Cps Mg341g Adsc1 111 Firmware by Contec

Cps Mg341g Adsc1 930 Firmware by Contec

Cps Mg341g5 Adsc1 931 Firmware by Contec