CVE-2023-22654

2023-05-2300:00:00

jpcert

www.cve.org

client-side security

t&d corporation

espec mic corp.

data logger

arbitrary script execution

firmware versions

web browsers

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user’s web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

CNA Affected

[
  {
    "vendor": "T&D Corporation and ESPEC MIC CORP.",
    "product": "T&D Corporation and ESPEC MIC CORP. data logger products",
    "versions": [
      {
        "version": "T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)",
        "status": "affected"
      }
    ]
  }
]