CVE-2023-27388 — CRITICAL (9.8)

Vulnerability Description

Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tandd	Tr-71W Firmware	All versions
Tandd	Tr-71W	-
Tandd	Tr-72W Firmware	All versions
Tandd	Tr-72W	-
Tandd	Rtr-5W Firmware	All versions
Tandd	Rtr-5W	-
Tandd	Wdr-7 Firmware	All versions
Tandd	Wdr-7	-
Tandd	Wdr-3 Firmware	All versions
Tandd	Wdr-3	-
Tandd	Ws-2 Firmware	All versions
Tandd	Ws-2	-
Especmic	Rt-12N Firmware	All versions
Especmic	Rt-12N	-
Especmic	Rs-12N Firmware	All versions
Especmic	Rs-12N	-
Especmic	Rt-22Bn Firmware	All versions
Especmic	Rt-22Bn	-
Especmic	Teu-12N Firmware	All versions
Especmic	Teu-12N	-

Related Weaknesses (CWE)

CWE-287 CWE-863

References

https://jvn.jp/en/jp/JVN14778242/Third Party Advisory
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNaVendor Advisory
https://www.tandd.com/news/detail.html?id=780Vendor Advisory
https://jvn.jp/en/jp/JVN14778242/Third Party Advisory
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNaVendor Advisory
https://www.tandd.com/news/detail.html?id=780Vendor Advisory

FAQ

What is CVE-2023-27388?

CVE-2023-27388 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected produc...

How severe is CVE-2023-27388?

CVE-2023-27388 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-27388?

Check the references section above for vendor advisories and patch information. Affected products include: Tandd Tr-71W Firmware, Tandd Tr-71W, Tandd Tr-72W Firmware, Tandd Tr-72W, Tandd Rtr-5W Firmware.