CVE-2023-27917

Name of the Vulnerable Software and Affected Versions CONPROSYS M2M Gateway versions 3.7.10 and earlier CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier

Description A remote authenticated attacker who can access the Network Maintenance page can execute arbitrary OS commands with root privilege due to an OS command injection vulnerability in CONPROSYS IoT Gateway products.

Recommendations For CONPROSYS M2M Gateway versions 3.7.10 and earlier, update to a version later than 3.7.10 to resolve the issue. For CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier, update to a version later than 3.7.6 to resolve the issue. For CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier, update to a version later than 3.8.8 to resolve the issue. As a temporary workaround, consider restricting access to the Network Maintenance page to minimize the risk of exploitation.