Published: 2022/06/01  Last Updated: 2022/06/01

Information from T&D Corporation

Vulnerability ID: JVN#28659051
Title: T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal
Status: Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

A security vulnerability has been found in "T&D Data Server" and "THERMO RECORDER DATA SERVER" as described below.
We have released fixed software versions that address this vulnerability. See the Fixed Software section below and download the update.


[[Affected Product / Version]]
T&D Data Server / English Version 2.30 or lower
T&D Data Server / Japanese Version 2.22 or lower
THERMO RECORDER DATA SERVER / English Version 2.13 or lower
THERMO RECORDER DATA SERVER / Japanese Version 2.13 or lower


[[Discovered Vulnerability]]
Directory Traversal Issue
Description: The software was able to access existing files (*1) outside its normal operational folder path with the privilege level (*2) at which the software was executed.
*1: Existing files could be opened as read only; folders could not be opened.
*2: Open read only; write, delete, move operations not possible.


[[Update Particulars]]
Implemented a mechanism to remove parameter input that causes directory traversal vulnerabilities when parameters were input to the software.
Implemented a mechanism to allow access only to areas used by the software and prevent access to other areas.
Performed a check for any other potential vulnerabilities and had a vulnerability check performed by a third party.
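
The first two mechanisms above (refusing traversal input, then confining access to the software's own folders) can be sketched as follows. This is an added example, not T&D's code: the function names, folder layout and requests are constructed for illustration, and the demo creates a symlink, so it assumes a POSIX system.

```python
import os
import tempfile
from pathlib import Path

class TraversalError(ValueError):
    """Raised when a requested name would leave the data folder."""

def filter_parameter(param: str) -> str:
    """Layer 1: refuse input carrying traversal syntax rather than repairing it."""
    unified = param.replace("\\", "/")  # treat Windows and POSIX separators alike
    if unified.startswith("/") or unified[1:2] == ":":
        raise TraversalError("absolute path or drive letter")
    if ".." in unified.split("/"):
        raise TraversalError("parent-directory segment")
    return unified

def open_within(base_dir: str, param: str) -> Path:
    """Layer 2: resolve links and dots, then confirm the result is inside base_dir."""
    base = Path(base_dir).resolve()
    candidate = (base / filter_parameter(param)).resolve()
    if os.path.commonpath([str(base), str(candidate)]) != str(base):
        raise TraversalError("resolved path escapes data folder")
    if not candidate.is_file():  # files only; folders are never served
        raise TraversalError("not a regular file")
    return candidate

def demo() -> dict:
    """Constructed folder layout and constructed requests; returns label -> outcome."""
    root = Path(tempfile.mkdtemp())
    data = root / "data"
    data.mkdir()
    (data / "report.csv").write_text("time,temp\n")
    (root / "secret.txt").write_text("outside\n")
    os.symlink(root / "secret.txt", data / "link.csv")  # link pointing out of data/
    requests = {"plain": "report.csv", "dotdot": "../secret.txt",
                "backslash": "..\\secret.txt", "absolute": str(root / "secret.txt"),
                "symlink": "link.csv", "folder": "."}
    outcome = {}
    for label, req in requests.items():
        try:
            open_within(str(data), req)
            outcome[label] = "allowed"
        except TraversalError as err:
            outcome[label] = f"denied: {err}"
    return outcome

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:10} {result}")
```

The symlink request passes the input filter and is stopped only by the containment check, which is why the two layers are applied together.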


[[Solution]]
Please use a fixed version of the software.
If updating to a fixed version is problematic, please restrict access rights (to the computer on which the software is installed) to only trusted computers/users.


[[Fixed Software / Versions]]
T&D Data Server / English version 2.31 and later
T&D Data Server / Japanese version 2.31 and later
THERMO RECORDER DATA SERVER / English Version 2.31 and later
THERMO RECORDER DATA SERVER / Japanese Version 2.31 and later


[[News Release]]
Japanese: https://www.tandd.co.jp/news/detail.html?id=522
English: https://www.tandd.com/news/detail.html?id=696