All the vulnerabilites related to epson - net_config
Vulnerability from fkie_nvd
Published
2020-11-24 07:15
Modified
2024-11-21 05:34
Severity ?
Summary
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:album_print:-:*:*:*:*:update_program:*:*",
"matchCriteriaId": "48F91F47-D4DB-43A9-85FC-98A52D4656D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:color_calibration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EE867A-EE2E-469B-875F-B2E11F6508F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:colorbase:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEFA568-7007-466B-8746-B8AC1B2E74AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:colorio_easy_print:-:*:*:*:*:*:*:*",
"matchCriteriaId": "805121F0-EE95-411B-9D8F-217DE202DB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:connect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB25B1B2-6766-4FF5-BA83-AF4579DE905F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:creativity_suite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41CB4CD9-7A73-4EB5-A22B-EE46C2315732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:camera_raw:*:*",
"matchCriteriaId": "37FF3D98-82FB-4E87-BB64-371D64811C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:picture_motion_browser:*:*",
"matchCriteriaId": "893E9653-D468-4BF5-9F32-E7CAF9C655AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:-:*:*",
"matchCriteriaId": "D0FCC3A3-9E02-4CAA-A8B8-B7CA0084D672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:camera_raw:*:*",
"matchCriteriaId": "1287AFA1-D572-469D-852C-F2C39798EEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:easy_settings:-:*:*:*:*:office:*:*",
"matchCriteriaId": "3914291A-AF9C-4B97-AF99-FF9BC47961B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:imaging_workshop:-:*:*:*:*:*:*:*",
"matchCriteriaId": "757A2598-DFFB-42CC-AF5B-74B54F73FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:link2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D953E72-77C9-4AD2-9499-03511311E2DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:multi-print_quicker:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "68D2A328-0A73-4071-B39A-EC70C43FB03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_config:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9942B4-5EE6-46E3-B9A7-4DAB9DEC868D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_config_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9148DA8-7E6C-4B68-B0BF-6C30E6AA2E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_print:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFEB911-0397-4598-9125-83B42DF82300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_software_development_kit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0A183B-3EAB-4CB1-A92C-29814E884FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:photolier:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAD9BB8-5FC8-4A6E-BA04-0376D2B3829D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:photoquicker:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22864077-BA06-48E7-92C4-804C07540D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:photostarter:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21AF90FB-DC56-4D6D-9B3A-3BD9831B71E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:pm-t990_integrated_installer:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "3FAED136-5494-4BAC-86C2-FD78BAAB99C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:playmemories_home:*:*",
"matchCriteriaId": "5D975A2B-4A9A-4112-804E-572258A950E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:silkypix:*:*",
"matchCriteriaId": "6ACD4EF0-3737-40D3-9241-62F62A42C210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:viewnx:*:*",
"matchCriteriaId": "7C1D5774-AB44-4FBE-BE76-A1163E2FE229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print_layout:-:*:*:*:*:photoshop:*:*",
"matchCriteriaId": "E239E07B-97BE-497E-8E23-E7360597CF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12C98ECC-AD46-4FA6-8EE5-3D8D40513095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:camera_raw:*:*",
"matchCriteriaId": "3FAA6D17-1E9A-4A03-8180-1E3F4C9DB3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:remote_printer_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D6E33D-8034-4D1F-96EF-F77D5263DAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:scan_icm_updater:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C67751C5-8A62-4EC1-84B3-0F6D8F7168B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:scanner_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21033145-DAB6-479E-972E-D4E06F043D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:web_to_page:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C039FA52-ACEA-4173-9DA5-A79E824D164C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:webconfig:-:*:*:*:*:*:*:*",
"matchCriteriaId": "621D2404-C063-4DEC-BD2D-65B01B4BC74A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:universal_print_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9EFF20-1E2F-45C9-8395-3D8CF1067357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "60366048-32FE-4081-A852-04319FD7A52C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:status_monitor_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52E77D28-30B0-459E-B121-5D6D381CFB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:status_monitor_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0852ABB9-5632-471A-BE1B-A0DBF08DF706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:ec-01_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638E1D59-4F3E-4D51-B9D8-02A438B028B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:ec-01:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A73DE5CB-AFB3-4622-8F87-4842858B8A41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40FC681A-7B85-4495-8DCC-C459FE7E2F13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E44D629-D3EB-4F67-BF67-B25910453562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en los instaladores de m\u00faltiples productos SEIKO EPSON, permite a un atacante alcanzar privilegios por medio de una DLL de tipo caballo de Troya en un directorio no especificado"
}
],
"id": "CVE-2020-5674",
"lastModified": "2024-11-21T05:34:27.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-24T07:15:11.937",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-5674
Vulnerability from cvelistv5
Published
2020-11-24 06:55
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.epson.jp/support/misc_t/201119_oshirase.htm | x_refsource_MISC | |
| https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN26835001/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SEIKO EPSON CORPORATION | the installers of multiple SEIKO EPSON products |
Version: A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "the installers of multiple SEIKO EPSON products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-24T06:55:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "the installers of multiple SEIKO EPSON products",
"version": {
"version_data": [
{
"version_value": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
}
]
},
"vendor_name": "SEIKO EPSON CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.epson.jp/support/misc_t/201119_oshirase.htm",
"refsource": "MISC",
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"name": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf",
"refsource": "MISC",
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"name": "https://jvn.jp/en/jp/JVN26835001/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5674",
"datePublished": "2020-11-24T06:55:23",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}