cvelistv5 - cve-2022-29509

CVE-2022-29509 (GCVE-0-2022-29509)

Vulnerability from cvelistv5 – Published: 2022-06-14 07:05 – Updated: 2024-08-03 06:26

Summary

Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Directory traversal

Assigner

jpcert

References

URL

Tags

	https://tandd.com/news/detail.html?id=696	x_refsource_MISC
	https://www.tandd.co.jp/news/detail.html?id=522	x_refsource_MISC
	https://jvn.jp/en/jp/JVN28659051/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	T&D Corporation	T&D Data Server and THERMO RECORDER DATA SERVER	Affected: T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:05.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tandd.com/news/detail.html?id=696"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tandd.co.jp/news/detail.html?id=522"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "T\u0026D Data Server and THERMO RECORDER DATA SERVER",
          "vendor": "T\u0026D Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-14T07:05:42",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tandd.com/news/detail.html?id=696"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tandd.co.jp/news/detail.html?id=522"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-29509",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "T\u0026D Data Server and THERMO RECORDER DATA SERVER",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "T\u0026D Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tandd.com/news/detail.html?id=696",
              "refsource": "MISC",
              "url": "https://tandd.com/news/detail.html?id=696"
            },
            {
              "name": "https://www.tandd.co.jp/news/detail.html?id=522",
              "refsource": "MISC",
              "url": "https://www.tandd.co.jp/news/detail.html?id=522"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28659051/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-29509",
    "datePublished": "2022-06-14T07:05:42",
    "dateReserved": "2022-05-06T00:00:00",
    "dateUpdated": "2024-08-03T06:26:05.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tandd:t\\\\\u0026d_server:*:*:*:*:ja:*:*:*\", \"versionEndIncluding\": \"2.22\", \"matchCriteriaId\": \"F452E321-1050-4CE5-BE69-FAD4CFCC3490\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tandd:t\\\\\u0026d_server:*:*:*:*:en:*:*:*\", \"versionEndIncluding\": \"2.30\", \"matchCriteriaId\": \"549532EF-1BEF-425E-A34D-1320D97D8D82\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:en:*:*:*:*\", \"versionEndIncluding\": \"2.13\", \"matchCriteriaId\": \"DC95D650-05B8-418A-9B3F-25BCB7F74D41\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:en:*:*:*:*\", \"matchCriteriaId\": \"E5A1A21D-A064-458A-A1FE-4FEFB9BDF0CE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:ja:*:*:*:*\", \"versionEndIncluding\": \"2.13\", \"matchCriteriaId\": \"F5CFE83E-B7E2-4371-925C-1D1DA69EC5DE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:ja:*:*:*:*\", \"matchCriteriaId\": \"8CA720C8-DE37-4AFF-BAB2-CAF53C1498F4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de salto de directorio en T\u0026amp;D Data Server (Japanese Edition) Versiones 2.22 y anteriores, T\u0026amp;D Data Server (English Edition) Versiones 2.30 y anteriores, THERMO RECORDER DATA SERVER (Japanese Edition) Versiones 2.13 y anteriores, y THERMO RECORDER DATA SERVER (English Edition) Versiones 2.13 y anteriores permite a un atacante remoto visualizar un archivo arbitrario en el servidor por medio de vectores no especificados\"}]",
      "id": "CVE-2022-29509",
      "lastModified": "2024-11-21T06:59:13.617",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-14T09:15:09.617",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN28659051/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tandd.com/news/detail.html?id=696\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tandd.co.jp/news/detail.html?id=522\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN28659051/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tandd.com/news/detail.html?id=696\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tandd.co.jp/news/detail.html?id=522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-29509\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2022-06-14T09:15:09.617\",\"lastModified\":\"2024-11-21T06:59:13.617\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de salto de directorio en T\u0026amp;D Data Server (Japanese Edition) Versiones 2.22 y anteriores, T\u0026amp;D Data Server (English Edition) Versiones 2.30 y anteriores, THERMO RECORDER DATA SERVER (Japanese Edition) Versiones 2.13 y anteriores, y THERMO RECORDER DATA SERVER (English Edition) Versiones 2.13 y anteriores permite a un atacante remoto visualizar un archivo arbitrario en el servidor por medio de vectores no especificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tandd:t\\\\\u0026d_server:*:*:*:*:ja:*:*:*\",\"versionEndIncluding\":\"2.22\",\"matchCriteriaId\":\"F452E321-1050-4CE5-BE69-FAD4CFCC3490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tandd:t\\\\\u0026d_server:*:*:*:*:en:*:*:*\",\"versionEndIncluding\":\"2.30\",\"matchCriteriaId\":\"549532EF-1BEF-425E-A34D-1320D97D8D82\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:en:*:*:*:*\",\"versionEndIncluding\":\"2.13\",\"matchCriteriaId\":\"DC95D650-05B8-418A-9B3F-25BCB7F74D41\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:en:*:*:*:*\",\"matchCriteriaId\":\"E5A1A21D-A064-458A-A1FE-4FEFB9BDF0CE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:ja:*:*:*:*\",\"versionEndIncluding\":\"2.13\",\"matchCriteriaId\":\"F5CFE83E-B7E2-4371-925C-1D1DA69EC5DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:ja:*:*:*:*\",\"matchCriteriaId\":\"8CA720C8-DE37-4AFF-BAB2-CAF53C1498F4\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN28659051/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tandd.com/news/detail.html?id=696\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tandd.co.jp/news/detail.html?id=522\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN28659051/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tandd.com/news/detail.html?id=696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tandd.co.jp/news/detail.html?id=522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

JVNDB-2022-000042

Vulnerability from jvndb - Published: 2022-06-01 16:12 - Updated:2024-06-18 10:34

Severity ?

7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

T&D Data Server and THERMO RECORDER DATA SERVER contain a directory traversal vulnerability.

Details

T&D Data Server and THERMO RECORDER DATA SERVER provided by T&D Corporation contain a directory traversal vulnerability (CWE-22). Shun Asai of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN28659051/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-29509
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29509
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	T&D Corporation	T&D Data Server
	T&D Corporation	THERMO RECORDER DATA SERVER

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000042.html",
  "dc:date": "2024-06-18T10:34+09:00",
  "dcterms:issued": "2022-06-01T16:12+09:00",
  "dcterms:modified": "2024-06-18T10:34+09:00",
  "description": "T\u0026D Data Server and THERMO RECORDER DATA SERVER provided by T\u0026D Corporation contain a directory traversal vulnerability (CWE-22).\r\n\r\nShun Asai of FiveDrive, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000042.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:tandd:t%26d_server",
      "@product": "T\u0026D Data Server",
      "@vendor": "T\u0026D Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:tandd:thermo_recorder_data_server_firmware",
      "@product": "THERMO RECORDER DATA SERVER",
      "@vendor": "T\u0026D Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000042",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN28659051/index.html",
      "@id": "JVN#28659051",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29509",
      "@id": "CVE-2022-29509",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29509",
      "@id": "CVE-2022-29509",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "T\u0026D Data Server and THERMO RECORDER DATA SERVER contain a directory traversal vulnerability."
}

GSD-2022-29509

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-29509

Aliases

CVE-2022-29509

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29509",
    "description": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.",
    "id": "GSD-2022-29509"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29509"
      ],
      "details": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.",
      "id": "GSD-2022-29509",
      "modified": "2023-12-13T01:19:42.307322Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2022-29509",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "T\u0026D Data Server and THERMO RECORDER DATA SERVER",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "T\u0026D Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Directory traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tandd.com/news/detail.html?id=696",
            "refsource": "MISC",
            "url": "https://tandd.com/news/detail.html?id=696"
          },
          {
            "name": "https://www.tandd.co.jp/news/detail.html?id=522",
            "refsource": "MISC",
            "url": "https://www.tandd.co.jp/news/detail.html?id=522"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN28659051/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tandd:t\\\u0026d_server:*:*:*:*:en:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tandd:t\\\u0026d_server:*:*:*:*:ja:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.22",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:en:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.13",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:en:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:ja:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.13",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:ja:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-29509"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN28659051/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
            },
            {
              "name": "https://tandd.com/news/detail.html?id=696",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tandd.com/news/detail.html?id=696"
            },
            {
              "name": "https://www.tandd.co.jp/news/detail.html?id=522",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.tandd.co.jp/news/detail.html?id=522"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-27T17:13Z",
      "publishedDate": "2022-06-14T09:15Z"
    }
  }
}

GHSA-7G43-RVQW-4XWG

Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-28 00:00

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-29509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.",
  "id": "GHSA-7g43-rvqw-4xwg",
  "modified": "2022-06-28T00:00:55Z",
  "published": "2022-06-15T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29509"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
    },
    {
      "type": "WEB",
      "url": "https://tandd.com/news/detail.html?id=696"
    },
    {
      "type": "WEB",
      "url": "https://www.tandd.co.jp/news/detail.html?id=522"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-29509

Vulnerability from fkie_nvd - Published: 2022-06-14 09:15 - Updated: 2024-11-21 06:59

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN28659051/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://tandd.com/news/detail.html?id=696	Vendor Advisory
vultures@jpcert.or.jp	https://www.tandd.co.jp/news/detail.html?id=522	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN28659051/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tandd.com/news/detail.html?id=696	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tandd.co.jp/news/detail.html?id=522	Vendor Advisory

Impacted products

Vendor	Product	Version
tandd	t\&d_server	*
tandd	t\&d_server	*
tandd	thermo_recorder_data_server_firmware	*
tandd	thermo_recorder_data_server	-
tandd	thermo_recorder_data_server_firmware	*
tandd	thermo_recorder_data_server	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tandd:t\\\u0026d_server:*:*:*:*:ja:*:*:*",
              "matchCriteriaId": "F452E321-1050-4CE5-BE69-FAD4CFCC3490",
              "versionEndIncluding": "2.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tandd:t\\\u0026d_server:*:*:*:*:en:*:*:*",
              "matchCriteriaId": "549532EF-1BEF-425E-A34D-1320D97D8D82",
              "versionEndIncluding": "2.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:en:*:*:*:*",
              "matchCriteriaId": "DC95D650-05B8-418A-9B3F-25BCB7F74D41",
              "versionEndIncluding": "2.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:en:*:*:*:*",
              "matchCriteriaId": "E5A1A21D-A064-458A-A1FE-4FEFB9BDF0CE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:tandd:thermo_recorder_data_server_firmware:*:*:*:ja:*:*:*:*",
              "matchCriteriaId": "F5CFE83E-B7E2-4371-925C-1D1DA69EC5DE",
              "versionEndIncluding": "2.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:tandd:thermo_recorder_data_server:-:*:*:ja:*:*:*:*",
              "matchCriteriaId": "8CA720C8-DE37-4AFF-BAB2-CAF53C1498F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in T\u0026D Data Server (Japanese Edition) Ver.2.22 and earlier, T\u0026D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de salto de directorio en T\u0026amp;D Data Server (Japanese Edition) Versiones 2.22 y anteriores, T\u0026amp;D Data Server (English Edition) Versiones 2.30 y anteriores, THERMO RECORDER DATA SERVER (Japanese Edition) Versiones 2.13 y anteriores, y THERMO RECORDER DATA SERVER (English Edition) Versiones 2.13 y anteriores permite a un atacante remoto visualizar un archivo arbitrario en el servidor por medio de vectores no especificados"
    }
  ],
  "id": "CVE-2022-29509",
  "lastModified": "2024-11-21T06:59:13.617",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-14T09:15:09.617",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tandd.com/news/detail.html?id=696"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tandd.co.jp/news/detail.html?id=522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28659051/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tandd.com/news/detail.html?id=696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tandd.co.jp/news/detail.html?id=522"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-29509 (GCVE-0-2022-29509)

JVNDB-2022-000042

GSD-2022-29509

GHSA-7G43-RVQW-4XWG

FKIE_CVE-2022-29509

Tags

Sightings

Nomenclature