PT-2023-19054 · Unknown · Conprosys M2M Controller Integrated Type+2
Published
2023-04-11
·
Updated
2025-02-11
·
CVE-2023-23575
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CONPROSYS M2M Gateway versions 3.7.10 and earlier
CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier
CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier
Description
An improper access control issue allows a remote authenticated attacker to bypass access restrictions and access the Network Maintenance page, potentially obtaining network information.
Recommendations
For CONPROSYS M2M Gateway versions 3.7.10 and earlier, update to a version later than 3.7.10.
For CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier, update to a version later than 3.7.6.
For CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier, update to a version later than 3.8.8.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Conprosys M2M Controller Configurable Type
Conprosys M2M Controller Integrated Type
Conprosys M2M Gateway