Conprosys · Conprosys M2M Controller Integrated Type · CVE-2023-27389
**Name of the Vulnerable Software and Affected Versions**
CONPROSYS M2M Gateway versions 3.7.10 and earlier
CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier
CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier
**Description**
An inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with administrative privileges to apply a specially crafted firmware update file, alter information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code.
**Recommendations**
For CONPROSYS M2M Gateway versions 3.7.10 and earlier, update the firmware to a version later than 3.7.10.
For CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier, update the firmware to a version later than 3.7.6.
For CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier, update the firmware to a version later than 3.8.8.
As a temporary workaround, consider restricting access to the firmware update feature to minimize the risk of exploitation.