Lucene search

[email protected]CVE-2023-27387

HistoryMay 23, 2023 - 2:15 a.m.

CVE-2023-27387

2023-05-2302:15:09

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-27387

csrf

t&d corporation

espec mic corp

data logger

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

JSON

Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

Affected configurations

NVD

Node

tanddtr-71wMatch-

AND

tanddtr-71w_firmware

Node

tanddtr-72wMatch-

AND

tanddtr-72w_firmware

Node

tanddrtr-5w_firmware

AND

tanddrtr-5wMatch-

Node

tanddwdr-7_firmware

AND

tanddwdr-7Match-

Node

tanddwdr-3Match-

AND

tanddwdr-3_firmware

Node

tanddws-2Match-

AND

tanddws-2_firmware

Node

especmicrt-12nMatch-

AND

especmicrt-12n_firmware

Node

especmicrs-12nMatch-

AND

especmicrs-12n_firmware

Node

especmicrt-22bnMatch-

AND

especmicrt-22bn_firmware

Node

especmicteu-12nMatch-

AND

especmicteu-12n_firmware

CPENameOperatorVersion
tandd:tr-71w_firmwaretandd tr-71w firmwareeq*

CPE	Name	Operator	Version
tandd:tr-71w_firmware	tandd tr-71w firmware	eq	*

CNA Affected

[
  {
    "vendor": "T&D Corporation and ESPEC MIC CORP.",
    "product": "T&D Corporation and ESPEC MIC CORP. data logger products",
    "versions": [
      {
        "version": "T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN14778242/

www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

www.tandd.com/news/detail.html?id=780

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

JSON

Related for CVE-2023-27387

cvelist1 nvd1 prion1 jvn1