CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
72.1%
Multiple data logger products provided by T&D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below.
Client-side enforcement of server-side security (CWE-602) - CVE-2023-22654
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N | Base Score: 4.2 |
CVSS v2 | AV:N/AC:H/Au:S/C:N/I:P/A:N | Base Score: 2.1 |
Improper authentication (CWE-287) - CVE-2023-27388
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
Missing authentication for critical function (CWE-306) - CVE-2023-23545
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:N/I:P/A:N | Base Score: 5.0 |
Cross-site request forgery (CWE-352) - CVE-2023-27387
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Stop using the product
The developers state that these products had been end of sale in 2014, therefore recommend users to stop using the products.
Until stop using the products, it is recommended that applying following mitigations.
The following products are affected.
Note that, ESPEC MIC CORP.'s products are OEM products of T&D Corporation.
Products provided by T&D Corporation:
TR-71W/72W all firmware versions
RTR-5W all firmware versions
WDR-7 all firmware versions
WDR-3 all firmware versions
WS-2 all firmware versions
Products provided by ESPEC MIC CORP.:
RT-12N/RS-12N all firmware versions
RT-22BN all firmware versions
TEU-12N all firmware versions