Search
Find a vulnerability
Search criteria
4 vulnerabilities by T&D Corporation
JVNDB-2023-000051
Vulnerability from jvndb - Published: 2023-05-19 15:21 - Updated:2024-05-23 17:03
Severity
Summary
Multiple vulnerabilities in T&D and ESPEC MIC data logger products
Details
Multiple data logger products provided by T&D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below.
* Client-side enforcement of server-side security (CWE-602) - CVE-2023-22654
* Improper authentication (CWE-287) - CVE-2023-27388
* Missing authentication for critical function (CWE-306) - CVE-2023-23545
* Cross-site request forgery (CWE-352) - CVE-2023-27387
CVE-2023-22654
Takaya Noma, Tomoya Inazawa, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-27388
Tomoya Inazawa, Takaya Noma, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-23545
Yudai Morii, Takaya Noma, Tomoya Inazawa, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-27387
Junnosuke Kushibiki, Takaya Noma, Tomoya Inazawa, Yudai Morii, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000051.html",
"dc:date": "2024-05-23T17:03+09:00",
"dcterms:issued": "2023-05-19T15:21+09:00",
"dcterms:modified": "2024-05-23T17:03+09:00",
"description": "Multiple data logger products provided by T\u0026D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below. \r\n\r\n * Client-side enforcement of server-side security (CWE-602) - CVE-2023-22654\r\n * Improper authentication (CWE-287) - CVE-2023-27388\r\n * Missing authentication for critical function (CWE-306) - CVE-2023-23545\r\n * Cross-site request forgery (CWE-352) - CVE-2023-27387\r\n\r\nCVE-2023-22654\r\nTakaya Noma, Tomoya Inazawa, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-27388\r\nTomoya Inazawa, Takaya Noma, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-23545\r\nYudai Morii, Takaya Noma, Tomoya Inazawa, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-27387\r\nJunnosuke Kushibiki, Takaya Noma, Tomoya Inazawa, Yudai Morii, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000051.html",
"sec:cpe": [
{
"#text": "cpe:/o:especmic:rs-12n_firmware",
"@product": "RS-12N",
"@vendor": "ESPEC MIC Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:especmic:rt-12n_firmware",
"@product": "RT-12N",
"@vendor": "ESPEC MIC Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:especmic:rt-22bn_firmware",
"@product": "RT-22BN",
"@vendor": "ESPEC MIC Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:especmic:teu-12n_firmware",
"@product": "TEU-12N",
"@vendor": "ESPEC MIC Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:tandd:rtr-5w_firmware",
"@product": "RTR-5W",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:tandd:tr-71w_firmware",
"@product": "TR-71W",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:tandd:tr-72w_firmware",
"@product": "TR-72W",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:tandd:wdr-3_firmware",
"@product": "WDR-3",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:tandd:wdr-7_firmware",
"@product": "WDR-7",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:tandd:ws-2_firmware",
"@product": "WS-2",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000051",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14778242/index.html",
"@id": "JVN#14778242",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-23545",
"@id": "CVE-2023-23545",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22654",
"@id": "CVE-2023-22654",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27387",
"@id": "CVE-2023-27387",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27388",
"@id": "CVE-2023-27388",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22654",
"@id": "CVE-2023-22654",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23545",
"@id": "CVE-2023-23545",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27387",
"@id": "CVE-2023-27387",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27388",
"@id": "CVE-2023-27388",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in T\u0026D and ESPEC MIC data logger products"
}
JVNDB-2022-000042
Vulnerability from jvndb - Published: 2022-06-01 16:12 - Updated:2024-06-18 10:34
Severity
Summary
T&D Data Server and THERMO RECORDER DATA SERVER contain a directory traversal vulnerability.
Details
T&D Data Server and THERMO RECORDER DATA SERVER provided by T&D Corporation contain a directory traversal vulnerability (CWE-22).
Shun Asai of FiveDrive, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000042.html",
"dc:date": "2024-06-18T10:34+09:00",
"dcterms:issued": "2022-06-01T16:12+09:00",
"dcterms:modified": "2024-06-18T10:34+09:00",
"description": "T\u0026D Data Server and THERMO RECORDER DATA SERVER provided by T\u0026D Corporation contain a directory traversal vulnerability (CWE-22).\r\n\r\nShun Asai of FiveDrive, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000042.html",
"sec:cpe": [
{
"#text": "cpe:/a:tandd:t%26d_server",
"@product": "T\u0026D Data Server",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:tandd:thermo_recorder_data_server_firmware",
"@product": "THERMO RECORDER DATA SERVER",
"@vendor": "T\u0026D Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000042",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN28659051/index.html",
"@id": "JVN#28659051",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-29509",
"@id": "CVE-2022-29509",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29509",
"@id": "CVE-2022-29509",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "T\u0026D Data Server and THERMO RECORDER DATA SERVER contain a directory traversal vulnerability."
}
CVE-2022-29509 (GCVE-0-2022-29509)
Vulnerability from nvd – Published: 2022-06-14 07:05 – Updated: 2024-08-03 06:26
VLAI
Summary
Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://tandd.com/news/detail.html?id=696 | x_refsource_MISC |
| https://www.tandd.co.jp/news/detail.html?id=522 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN28659051/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| T&D Corporation | T&D Data Server and THERMO RECORDER DATA SERVER |
Affected:
T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tandd.com/news/detail.html?id=696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tandd.co.jp/news/detail.html?id=522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28659051/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "T\u0026D Data Server and THERMO RECORDER DATA SERVER",
"vendor": "T\u0026D Corporation",
"versions": [
{
"status": "affected",
"version": "T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:42.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tandd.com/news/detail.html?id=696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tandd.co.jp/news/detail.html?id=522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN28659051/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "T\u0026D Data Server and THERMO RECORDER DATA SERVER",
"version": {
"version_data": [
{
"version_value": "T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier"
}
]
}
}
]
},
"vendor_name": "T\u0026D Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tandd.com/news/detail.html?id=696",
"refsource": "MISC",
"url": "https://tandd.com/news/detail.html?id=696"
},
{
"name": "https://www.tandd.co.jp/news/detail.html?id=522",
"refsource": "MISC",
"url": "https://www.tandd.co.jp/news/detail.html?id=522"
},
{
"name": "https://jvn.jp/en/jp/JVN28659051/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN28659051/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29509",
"datePublished": "2022-06-14T07:05:42.000Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:05.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29509 (GCVE-0-2022-29509)
Vulnerability from cvelistv5 – Published: 2022-06-14 07:05 – Updated: 2024-08-03 06:26
VLAI
Summary
Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://tandd.com/news/detail.html?id=696 | x_refsource_MISC |
| https://www.tandd.co.jp/news/detail.html?id=522 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN28659051/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| T&D Corporation | T&D Data Server and THERMO RECORDER DATA SERVER |
Affected:
T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tandd.com/news/detail.html?id=696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tandd.co.jp/news/detail.html?id=522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28659051/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "T\u0026D Data Server and THERMO RECORDER DATA SERVER",
"vendor": "T\u0026D Corporation",
"versions": [
{
"status": "affected",
"version": "T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:42.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tandd.com/news/detail.html?id=696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tandd.co.jp/news/detail.html?id=522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN28659051/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "T\u0026D Data Server and THERMO RECORDER DATA SERVER",
"version": {
"version_data": [
{
"version_value": "T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier"
}
]
}
}
]
},
"vendor_name": "T\u0026D Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tandd.com/news/detail.html?id=696",
"refsource": "MISC",
"url": "https://tandd.com/news/detail.html?id=696"
},
{
"name": "https://www.tandd.co.jp/news/detail.html?id=522",
"refsource": "MISC",
"url": "https://www.tandd.co.jp/news/detail.html?id=522"
},
{
"name": "https://jvn.jp/en/jp/JVN28659051/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN28659051/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29509",
"datePublished": "2022-06-14T07:05:42.000Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:05.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}