Lucene search

[email protected]CVE-2023-27388

HistoryMay 23, 2023 - 2:15 a.m.

CVE-2023-27388

2023-05-2302:15:09

CWE-287

[email protected]

web.nvd.nist.gov

cve-2023-27388

improper authentication

t&d corporation

espec mic corp

data logger

remote unauthenticated attacker

vulnerability

security

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

Affected configurations

NVD

Node

tanddtr-71w_firmware

AND

tanddtr-71wMatch-

Node

tanddtr-72w_firmware

AND

tanddtr-72wMatch-

Node

tanddrtr-5w_firmware

AND

tanddrtr-5wMatch-

Node

tanddwdr-7_firmware

AND

tanddwdr-7Match-

Node

tanddwdr-3_firmware

AND

tanddwdr-3Match-

Node

tanddws-2_firmware

AND

tanddws-2Match-

Node

especmicrt-12n_firmware

AND

especmicrt-12nMatch-

Node

especmicrs-12n_firmware

AND

especmicrs-12nMatch-

Node

especmicrt-22bn_firmware

AND

especmicrt-22bnMatch-

Node

especmicteu-12n_firmware

AND

especmicteu-12nMatch-

CPENameOperatorVersion
tandd:tr-71w_firmwaretandd tr-71w firmwareeq*

CPE	Name	Operator	Version
tandd:tr-71w_firmware	tandd tr-71w firmware	eq	*

CNA Affected

[
  {
    "vendor": "T&D Corporation and ESPEC MIC CORP.",
    "product": "T&D Corporation and ESPEC MIC CORP. data logger products",
    "versions": [
      {
        "version": "T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN14778242/

www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

www.tandd.com/news/detail.html?id=780

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for CVE-2023-27388

nvd1 cvelist1 prion1 jvn1