All the vulnerabilites related to ESPEC MIC Corp. - RS-12N
jvndb-2023-000051
Vulnerability from jvndb
Published
2023-05-19 15:21
Modified
2024-05-23 17:03
Severity ?
Summary
Multiple vulnerabilities in T&D and ESPEC MIC data logger products
Details
Multiple data logger products provided by T&D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below.
* Client-side enforcement of server-side security (CWE-602) - CVE-2023-22654
* Improper authentication (CWE-287) - CVE-2023-27388
* Missing authentication for critical function (CWE-306) - CVE-2023-23545
* Cross-site request forgery (CWE-352) - CVE-2023-27387
CVE-2023-22654
Takaya Noma, Tomoya Inazawa, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-27388
Tomoya Inazawa, Takaya Noma, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-23545
Yudai Morii, Takaya Noma, Tomoya Inazawa, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-27387
Junnosuke Kushibiki, Takaya Noma, Tomoya Inazawa, Yudai Morii, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000051.html", "dc:date": "2024-05-23T17:03+09:00", "dcterms:issued": "2023-05-19T15:21+09:00", "dcterms:modified": "2024-05-23T17:03+09:00", "description": "Multiple data logger products provided by T\u0026D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below. \r\n\r\n * Client-side enforcement of server-side security (CWE-602) - CVE-2023-22654\r\n * Improper authentication (CWE-287) - CVE-2023-27388\r\n * Missing authentication for critical function (CWE-306) - CVE-2023-23545\r\n * Cross-site request forgery (CWE-352) - CVE-2023-27387\r\n\r\nCVE-2023-22654\r\nTakaya Noma, Tomoya Inazawa, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-27388\r\nTomoya Inazawa, Takaya Noma, Yudai Morii, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-23545\r\nYudai Morii, Takaya Noma, Tomoya Inazawa, Junnosuke Kushibiki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-27387\r\nJunnosuke Kushibiki, Takaya Noma, Tomoya Inazawa, Yudai Morii, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000051.html", "sec:cpe": [ { "#text": "cpe:/o:especmic:rs-12n_firmware", "@product": "RS-12N", "@vendor": "ESPEC MIC Corp.", "@version": "2.2" }, { "#text": "cpe:/o:especmic:rt-12n_firmware", "@product": "RT-12N", "@vendor": "ESPEC MIC Corp.", "@version": "2.2" }, { "#text": "cpe:/o:especmic:rt-22bn_firmware", "@product": "RT-22BN", "@vendor": "ESPEC MIC Corp.", "@version": "2.2" }, { "#text": "cpe:/o:especmic:teu-12n_firmware", "@product": "TEU-12N", "@vendor": "ESPEC MIC Corp.", "@version": "2.2" }, { "#text": "cpe:/o:tandd:rtr-5w_firmware", "@product": "RTR-5W", "@vendor": "T\u0026D Corporation", "@version": "2.2" }, { "#text": "cpe:/o:tandd:tr-71w_firmware", "@product": "TR-71W", "@vendor": "T\u0026D Corporation", "@version": "2.2" }, { "#text": "cpe:/o:tandd:tr-72w_firmware", "@product": "TR-72W", "@vendor": "T\u0026D Corporation", "@version": "2.2" }, { "#text": "cpe:/o:tandd:wdr-3_firmware", "@product": "WDR-3", "@vendor": "T\u0026D Corporation", "@version": "2.2" }, { "#text": "cpe:/o:tandd:wdr-7_firmware", "@product": "WDR-7", "@vendor": "T\u0026D Corporation", "@version": "2.2" }, { "#text": "cpe:/o:tandd:ws-2_firmware", "@product": "WS-2", "@vendor": "T\u0026D Corporation", "@version": "2.2" } ], "sec:cvss": [ { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2023-000051", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN14778242/index.html", "@id": "JVN#14778242", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23545", "@id": "CVE-2023-23545", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22654", "@id": "CVE-2023-22654", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27387", "@id": "CVE-2023-27387", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27388", "@id": "CVE-2023-27388", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22654", "@id": "CVE-2023-22654", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23545", "@id": "CVE-2023-23545", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27387", "@id": "CVE-2023-27387", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27388", "@id": "CVE-2023-27388", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-287", "@title": "Improper Authentication(CWE-287)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in T\u0026D and ESPEC MIC data logger products" }