CVE-2023-27389

Name of the Vulnerable Software and Affected Versions CONPROSYS M2M Gateway versions 3.7.10 and earlier CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier

Description Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code.

Recommendations For CONPROSYS M2M Gateway versions 3.7.10 and earlier, update the firmware to a version later than 3.7.10. For CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier, update the firmware to a version later than 3.7.6. For CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier, update the firmware to a version later than 3.8.8. As a temporary workaround, consider restricting access to the firmware update feature to minimize the risk of exploitation.