CVE-2023-27387

8.8 HIGH

📋 TL;DR

This CVE describes a cross-site request forgery (CSRF) vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products that allows an unauthenticated remote attacker to perform arbitrary operations by tricking a logged-in user into visiting a malicious webpage. All firmware versions of the listed data logger models are affected, potentially compromising data integrity and device control.

💻 Affected Systems

Products:
  • T&D Corporation TR-71W
  • T&D Corporation TR-72W
  • T&D Corporation RTR-5W
  • T&D Corporation WDR-7
  • T&D Corporation WDR-3
  • T&D Corporation WS-2
  • ESPEC MIC CORP. RT-12N
  • ESPEC MIC CORP. RS-12N
  • ESPEC MIC CORP. RT-22BN
  • ESPEC MIC CORP. TEU-12N
Versions: All firmware versions
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All listed data logger models with web interfaces are vulnerable in their default configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could reconfigure data loggers to manipulate or delete collected data, disrupt monitoring operations, or potentially gain unauthorized access to connected systems.

🟠 Likely Case

Attackers would manipulate device settings, alter data collection parameters, or disrupt normal operations through unauthorized configuration changes.

🟢 If Mitigated

With proper CSRF protections and network segmentation, impact would be limited to isolated incidents requiring manual intervention to restore proper configuration.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CSRF attacks require social engineering to trick authenticated users but are technically simple to implement once the vulnerable endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: https://www.tandd.com/news/detail.html?id=780

Restart Required: No

Instructions:

No official patches available. Follow vendor advisories for updates and implement workarounds immediately.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

Add anti-CSRF tokens to all state-changing requests in the web interface

Network Segmentation

all

Isolate data loggers on separate network segments with strict access controls

🧯 If You Can't Patch

  • Implement strict network access controls to limit web interface access to trusted IP addresses only
  • Use browser extensions that block CSRF attacks and educate users about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check if web interface forms lack CSRF tokens by inspecting HTTP requests for state-changing operations

Check Version:

Check device web interface for firmware version information

Verify Fix Applied:

Verify that all POST/PUT/DELETE requests include unique, validated CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple configuration changes from different user sessions in short timeframes
  • Unauthorized configuration modifications

Network Indicators:

  • HTTP requests to configuration endpoints without a proper Referer header or CSRF token

SIEM Query:

source="data_logger_web" AND (action="config_change" OR method="POST") | stats count by src_ip, user_agent
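
One way to apply the network indicator above to captured traffic, as an added example that is not code from this page or from the vendor. It assumes a proxy or tap in front of the logger writes combined-format lines with the Host header appended; the addresses, paths and host names in the sample are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed log format: combined log format with the request's Host header
# appended as a final quoted field (written by a proxy or tap, not the device).
LINE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*" "(?P<host>[^"]*)"'
)
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

def classify(line):
    """Return (src, method, path, reason) for a suspicious request, else None."""
    m = LINE.match(line)
    if not m or m["method"] not in STATE_CHANGING:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        reason = "missing-referer"  # weaker signal: privacy settings strip it too
    else:
        # Compares hosts only; scheme and port are not checked.
        ref_host = (urlsplit(referer).hostname or "").lower()
        dev_host = (urlsplit("//" + m["host"]).hostname or "").lower()
        if ref_host and ref_host == dev_host:
            return None
        reason = "cross-origin-referer"
    return (m["src"], m["method"], m["path"], reason)

def findings(lines):
    """Classify every line and keep only the suspicious requests."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines; addresses, paths and host names are hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/May/2023:09:14:02 +0000] "POST /settings.cgi HTTP/1.1" 200 312 "http://192.0.2.10/settings.html" "Mozilla/5.0" "192.0.2.10"',
    '198.51.100.7 - - [10/May/2023:09:20:45 +0000] "POST /settings.cgi HTTP/1.1" 200 312 "https://other-site.example/promo.html" "Mozilla/5.0" "192.0.2.10"',
    '198.51.100.9 - - [10/May/2023:09:21:10 +0000] "POST /settings.cgi HTTP/1.1" 200 312 "-" "Mozilla/5.0" "192.0.2.10"',
    '198.51.100.9 - - [10/May/2023:09:22:00 +0000] "GET /status.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "192.0.2.10"',
]

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(*finding)
```

A cross-origin Referer on a state-changing request is the stronger of the two signals; a missing Referer is worth correlating with the configuration-change indicators listed above before alerting.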
