CVE-2023-27388 – An improper authentication vulnerability in T&D... (How to Fix)

Q: What is the severity of CVE-2023-27388?

CVE-2023-27388 has a CVSS score of 9.8 (CRITICAL). An improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows remote unauthenticated attackers to log in as registered users. This affects multiple data logger models from both manufacturers across all firmware versions. The vulnerability enables complete authentication bypass without requiring credentials.

📋 TL;DR

An improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows remote unauthenticated attackers to log in as registered users. This affects multiple data logger models from both manufacturers across all firmware versions. The vulnerability enables complete authentication bypass without requiring credentials.

💻 Affected Systems

Products:

T&D Corporation TR-71W
T&D Corporation TR-72W
T&D Corporation RTR-5W
T&D Corporation WDR-7
T&D Corporation WDR-3
T&D Corporation WS-2
ESPEC MIC CORP. RT-12N
ESPEC MIC CORP. RS-12N
ESPEC MIC CORP. RT-22BN
ESPEC MIC CORP. TEU-12N

Versions: All firmware versions

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All firmware versions of listed products are vulnerable. No specific configuration makes devices immune.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of data logging systems allowing unauthorized access to sensitive environmental/industrial data, potential data manipulation, and use as pivot points into connected networks.

🟠

Likely Case

Unauthorized access to monitoring data, potential data tampering, and exposure of sensitive industrial/environmental information.

🟢

If Mitigated

Limited impact if devices are isolated in air-gapped networks with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH - Directly exploitable over network without authentication, CVSS 9.8 indicates critical risk for internet-exposed devices.

🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit without credentials, though network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Authentication bypass typically requires minimal technical skill once method is known.

Vulnerability details are public but no proof-of-concept exploit code has been published. The authentication bypass nature makes exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: https://www.tandd.com/news/detail.html?id=780

Restart Required: No

Instructions:

No firmware patches available. Contact vendors for potential hardware replacement or mitigation guidance.

🔧 Temporary Workarounds

Network Isolation

all

Place affected devices in isolated network segments with strict firewall rules.

Access Control Lists

all

Implement strict IP-based access controls to limit connections to trusted sources only.

🧯 If You Can't Patch

Segment affected devices in dedicated VLANs with no internet access
Implement strict firewall rules allowing only necessary traffic from authorized management stations

🔍 How to Verify

Check if Vulnerable:

Check device model against affected products list. Attempt authentication bypass via documented methods if available.

Check Version:

Check device web interface or serial console for firmware version information

Verify Fix Applied:

No fix available to verify. Verify network controls are properly implemented instead.

📡 Detection & Monitoring

Log Indicators:

Failed login attempts followed by successful logins from same IP
Authentication logs showing successful logins without credential validation
Access from unexpected IP addresses

Network Indicators:

Unauthenticated HTTP/HTTPS requests to login endpoints
Traffic patterns suggesting authentication bypass

SIEM Query:

source="data_logger" AND (event_type="authentication" AND result="success" AND auth_method="none")

📊 Metadata

CVE ID: CVE-2023-27388

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: May 23, 2023

Last Updated: January 31, 2025

🔗 References

https://jvn.jp/en/jp/JVN14778242/ Third Party Advisory
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N Vendor Advisory
https://www.tandd.com/news/detail.html?id=780 Vendor Advisory
https://jvn.jp/en/jp/JVN14778242/ Third Party Advisory
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N Vendor Advisory
https://www.tandd.com/news/detail.html?id=780 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-27388, you might also want to check these: