37 vulnerabilities by SEIKO EPSON CORPORATION
JVNDB-2026-006102
Vulnerability from jvndb - Published: 2026-03-06 10:31 - Updated:2026-03-06 10:31
Summary
Security issues in ESC/POS
Details
ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS.
Products implementing ESC/POS need to be designed and operated with consideration of the following security issues:
Missing authentication for critical function (CWE-306)
ESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network.
Improper access control (CWE-284)
ESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network.
Cleartext transmission of sensitive information (CWE-319)
ESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communication is performed in plaintext. Consequently, attackers on the same network may be able to intercept or tamper with transmitted data.
JPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification.
This document was written by Seiko Epson Corporation and JPCERT/CC.
The issue regarding the lack of an authentication mechanism was reported to Seiko Epson Corporation by Michael Cook (FutileSkills), and coordinated by JPCERT/CC.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006102.html",
"dc:date": "2026-03-06T10:31+09:00",
"dcterms:issued": "2026-03-06T10:31+09:00",
"dcterms:modified": "2026-03-06T10:31+09:00",
"description": "ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS.\r\nProducts implementing ESC/POS need to be designed and operated with consideration of the following security issues:\r\n\r\nMissing authentication for critical function (CWE-306)\r\nESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network.\r\n\r\nImproper access control (CWE-284)\r\nESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network.\r\n\r\nCleartext transmission of sensitive information (CWE-319)\r\nESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communicate is performed in plaintext. Consequently, attackers on the same network could be able to intercept or tamper with transmitted data.\r\n\r\nJPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification.\r\nThis document was written by Seiko Epson Corporation and JPCERT/CC.\r\nThe issue regarding the lack of an authentication mechanism was reported to Seiko Epson Corporation by Michael Cook (FutileSkills), and coordinated by JPCERT/CC.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006102.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2026-006102",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA97995322/index.html",
"@id": "JVNTA#97995322",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-23767",
"@id": "CVE-2026-23767",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
}
],
"title": "Security issues in ESC/POS"
}
JVNDB-2025-000117
Vulnerability from jvndb - Published: 2025-12-16 15:31 - Updated:2025-12-23 11:57
Severity
Summary
SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow
Details
Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser.
Web Config contains the following vulnerability.
- Stack-based buffer overflow (CWE-121) - CVE-2025-66635
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000117.html",
"dc:date": "2025-12-23T11:57+09:00",
"dcterms:issued": "2025-12-16T15:31+09:00",
"dcterms:modified": "2025-12-23T11:57+09:00",
"description": "Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser.\r\nWeb Config contains the following vulnerability.\u003cul\u003e\u003cli\u003eStack-based buffer overflow (CWE-121) - CVE-2025-66635\u003c/li\u003e\u003c/ul\u003eShogo Iyota of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000117.html",
"sec:cpe": {
"#text": "cpe:/a:epson:web_config",
"@product": "Web Config",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000117",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51846148/index.html",
"@id": "JVN#51846148",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-66635",
"@id": "CVE-2025-66635",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow"
}
JVNDB-2025-019621
Vulnerability from jvndb - Published: 2025-11-21 15:31 - Updated:2025-12-24 10:54
Severity
Summary
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts
Details
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.
- Improper restriction of excessive authentication attempts (CWE-307) - CVE-2025-64310
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-019621.html",
"dc:date": "2025-12-24T10:54+09:00",
"dcterms:issued": "2025-11-21T15:31+09:00",
"dcterms:modified": "2025-12-24T10:54+09:00",
"description": "EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.\u003cul\u003e\u003cli\u003eImproper restriction of excessive authentication attempts (CWE-307) - CVE-2025-64310\u003c/li\u003e\u003c/ul\u003e\r\nVladislav Khegay and Aigerim Alibek of Astana IT University reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. SEIKO EPSON CORPORATION and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-019621.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-019621",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95021911/index.html",
"@id": "JVNVU#95021911",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-64310",
"@id": "CVE-2025-64310",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/307.html",
"@id": "CWE-307",
"@title": "Improper Restriction of Excessive Authentication Attempts(CWE-307)"
}
],
"title": "EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts"
}
JVNDB-2025-010972
Vulnerability from jvndb - Published: 2025-08-08 14:50 - Updated:2025-08-08 14:50
Severity
Summary
Multiple SEIKO EPSON products use weak initial passwords
Details
Multiple SEIKO EPSON products contain the following vulnerability.
- Use of weak credentials (CWE-1391) - CVE-2025-35970
  - The initial administrator password is easy to guess from the information available via SNMP
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010972.html",
"dc:date": "2025-08-08T14:50+09:00",
"dcterms:issued": "2025-08-08T14:50+09:00",
"dcterms:modified": "2025-08-08T14:50+09:00",
"description": "Multiple SEIKO EPSON products contain the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2025-35970\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThe initial administrator password is easy to guess from the information available via SNMP\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nSEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010972.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-010972",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91363496/index.html",
"@id": "JVNVU#91363496",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-35970",
"@id": "CVE-2025-35970",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1391.html",
"@id": "CWE-1391",
"@title": "Use of Weak Credentials(CWE-1391)"
}
],
"title": "Multiple SEIKO EPSON products use weak initial passwords"
}
JVNDB-2025-008145
Vulnerability from jvndb - Published: 2025-07-08 14:08 - Updated:2025-07-08 14:08
Severity
Summary
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Details
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains a "helper tool" and launches it during execution.
The "helper tool" contains the following vulnerability.
- Missing authentication for critical function (CWE-306) - CVE-2025-4960
  - This is exploitable only while the "helper tool" is running.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
"dc:date": "2025-07-08T14:08+09:00",
"dcterms:issued": "2025-07-08T14:08+09:00",
"dcterms:modified": "2025-07-08T14:08+09:00",
"description": "Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.\r\nEpson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON\u0027s products. It contains \"helper tool\" and launches it in the middle of the execution.\r\n\r\n\"helper tool\" contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2025-4960\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThis is exploitable only while \"helper tool\" is running.\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nCarlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-008145",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93543156/index.html",
"@id": "JVNVU#93543156",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-4960",
"@id": "CVE-2025-4960",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
}
],
"title": "Epson Web Installer for Mac vulnerable to missing authentication for critical function"
}
JVNDB-2025-004079
Vulnerability from jvndb - Published: 2025-04-30 11:46 - Updated:2025-04-30 11:46
Severity
Summary
Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS
Details
Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English.
* Incorrect default permissions (CWE-276) - CVE-2025-42598
Private security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
"dc:date": "2025-04-30T11:46+09:00",
"dcterms:issued": "2025-04-30T11:46+09:00",
"dcterms:modified": "2025-04-30T11:46+09:00",
"description": "Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English.\r\n\r\n* Incorrect default permissions (CWE-276) - CVE-2025-42598\r\n\r\nPrivate security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-004079",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90649144/index.html",
"@id": "JVNVU#90649144",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-42598",
"@id": "CVE-2025-42598",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/276.html",
"@id": "CWE-276",
"@title": "Incorrect Default Permissions(CWE-276)"
}
],
"title": "Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS"
}
JVNDB-2024-009481
Vulnerability from jvndb - Published: 2024-10-01 14:14 - Updated:2024-11-12 10:25
Severity
Summary
Insecure initial password configuration issue in SEIKO EPSON Web Config
Details
Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings for the first time, the user is requested to set the password.
Therefore, when a product is connected to a network without the Web Config settings configured, an attacker may set an arbitrary password and operate the device with administrative privileges (CWE-1188).
George Puckett reported this vulnerability to CERT/CC.
Requested by CERT/CC, JPCERT/CC coordinated with the developer.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009481.html",
"dc:date": "2024-11-12T10:25+09:00",
"dcterms:issued": "2024-10-01T14:14+09:00",
"dcterms:modified": "2024-11-12T10:25+09:00",
"description": "Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings for the first time, the user is requested to set the password.\r\nTherefore, when a product is connected to network without the Web Config settings configured, arbitrary password may be set and the device may be operated with an administrative privilege by an attacker (CWE-1188).\r\n\r\nGeorge Puckett reported this vulnerability to CERT/CC.\r\nRequested by CERT/CC, JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009481.html",
"sec:cpe": {
"#text": "cpe:/a:epson:web_config",
"@product": "Web Config",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-009481",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95133448/index.html",
"@id": "JVNVU#95133448",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=\tCVE-2024-47295",
"@id": "CVE-2024-47295",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1188.html",
"@id": "CWE-1188",
"@title": "Insecure Default Initialization of Resource(CWE-1188)"
}
],
"title": "Insecure initial password configuration issue in SEIKO EPSON Web Config"
}
JVNDB-2023-000076
Vulnerability from jvndb - Published: 2023-08-02 14:55 - Updated:2024-04-19 17:27
Severity
Summary
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
Details
SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation (CWE-20).
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000076.html",
"dc:date": "2024-04-19T17:27+09:00",
"dcterms:issued": "2023-08-02T14:55+09:00",
"dcterms:modified": "2024-04-19T17:27+09:00",
"description": "SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation (CWE-20).\r\n\r\nSEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000076.html",
"sec:cpe": {
"#text": "cpe:/a:epson:web_config",
"@product": "Web Config",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000076",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN61337171/index.html",
"@id": "JVN#61337171",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38556",
"@id": "CVE-2023-38556",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38556",
"@id": "CVE-2023-38556",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)"
}
JVNDB-2023-000022
Vulnerability from jvndb - Published: 2023-03-08 15:09 - Updated:2024-06-03 17:36
Severity
Summary
Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
Details
Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below.
- Stored cross-site scripting (CWE-79) - CVE-2023-23572
- Cross-site request forgery (CWE-352) - CVE-2023-27520
Takaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000022.html",
"dc:date": "2024-06-03T17:36+09:00",
"dcterms:issued": "2023-03-08T15:09+09:00",
"dcterms:modified": "2024-06-03T17:36+09:00",
"description": "Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below.\r\n\u003cli\u003eStored cross-site Scripting (CWE-79) - CVE-2023-23572\r\n\u003cli\u003eCross-Site Request Forgery (CWE-352) - CVE-2023-27520\r\n\r\nTakaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000022.html",
"sec:cpe": {
"#text": "cpe:/a:epson:web_config",
"@product": "Web Config",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82424996/index.html",
"@id": "JVN#82424996",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27520",
"@id": "CVE-2023-27520",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-23572",
"@id": "CVE-2023-23572",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23572",
"@id": "CVE-2023-23572",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27520",
"@id": "CVE-2023-27520",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config"
}
JVNDB-2020-000086
Vulnerability from jvndb - Published: 2020-12-18 16:47 - Updated:2020-12-18 16:47
Severity
Summary
Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
Details
Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000086.html",
"dc:date": "2020-12-18T16:47+09:00",
"dcterms:issued": "2020-12-18T16:47+09:00",
"dcterms:modified": "2020-12-18T16:47+09:00",
"description": "Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nSEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000086.html",
"sec:cpe": [
{
"#text": "cpe:/a:epson:epsonnet_setupmanager",
"@product": "EpsonNet SetupManager",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/a:epson:offirio_synergyware_printdirector",
"@product": "Offirio SynergyWare PrintDirector",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000086",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/jp/JVN94244575/index.html",
"@id": "JVN#94244575",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5681",
"@id": "CVE-2020-5681",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5681",
"@id": "CVE-2020-5681",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries"
}
CVE-2026-23767 (GCVE-0-2026-23767)
Vulnerability from nvd – Published: 2026-03-05 05:34 – Updated: 2026-03-06 10:21
Summary
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Seiko Epson Corporation | ESC/POS | Affected: All products implementing ESC/POS |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-23767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T10:20:45.963541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T10:21:28.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ESC/POS",
"vendor": "Seiko Epson Corporation",
"versions": [
{
"status": "affected",
"version": "All products implementing ESC/POS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T05:34:40.895Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/260305_oshirase.htm"
},
{
"url": "https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdf"
},
{
"url": "https://jvn.jp/en/ta/JVNTA97995322/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-23767",
"datePublished": "2026-03-05T05:34:40.895Z",
"dateReserved": "2026-01-16T02:20:20.477Z",
"dateUpdated": "2026-03-06T10:21:28.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66635 (GCVE-0-2025-66635)
Vulnerability from nvd – Published: 2025-12-16 06:59 – Updated: 2025-12-22 02:27
Summary
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based buffer overflow
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | Web Config | Affected: See the information/details provided by the vendor |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T21:32:37.175744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:32:43.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "See the information/details provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T02:27:45.711Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/251216_oshirase.htm"
},
{
"url": "https://epson.com/Support/wa00971"
},
{
"url": "https://jvn.jp/en/jp/JVN51846148/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-66635",
"datePublished": "2025-12-16T06:59:25.611Z",
"dateReserved": "2025-12-10T06:27:24.088Z",
"dateUpdated": "2025-12-22T02:27:45.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64310 (GCVE-0-2025-64310)
Vulnerability from nvd – Published: 2025-11-21 02:36 – Updated: 2025-12-23 02:28
Summary
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper restriction of excessive authentication attempts
Assigner
References
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | EPSON WebConfig for SEIKO EPSON Projector Products | Affected: see the information provided by the vendor |
| SEIKO EPSON CORPORATION | Epson Web Control for SEIKO EPSON Projector Products | Affected: see the information provided by the vendor |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T14:46:33.297574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T14:58:53.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EPSON WebConfig for SEIKO EPSON Projector Products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Epson Web Control for SEIKO EPSON Projector Products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user\u0027s password may be identified through a brute force attack."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper restriction of excessive authentication attempts",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T02:28:01.044Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.co.uk/en_GB/faq/KA-02041/contents?loc=en-us"
},
{
"url": "https://www.epson.jp/support/misc_t/251120_oshirase.htm"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95021911/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-64310",
"datePublished": "2025-11-21T02:36:35.115Z",
"dateReserved": "2025-10-30T00:25:25.443Z",
"dateUpdated": "2025-12-23T02:28:01.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-42598 (GCVE-0-2025-42598)
Vulnerability from nvd – Published: 2025-04-28 08:20 – Updated: 2025-04-28 16:10
Summary
Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printer drivers for Windows OS | Affected: see the information provided by SEIKO EPSON CORPORATION. |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-42598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T16:06:33.551722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:10:51.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printer drivers for Windows OS",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "see the information provided by SEIKO EPSON CORPORATION."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker\u0027s choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T08:20:56.756Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.co.uk/en_GB/faq/KA-01993/contents?loc=en-us"
},
{
"url": "https://www.epson.jp/support/misc_t/250428_oshirase.htm"
},
{
"url": "https://www2.epson.jp/support/misc_t/windrv_productlist.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90649144/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-42598",
"datePublished": "2025-04-28T08:20:56.756Z",
"dateReserved": "2025-04-16T11:56:26.983Z",
"dateUpdated": "2025-04-28T16:10:51.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47295 (GCVE-0-2024-47295)
Vulnerability from nvd – Published: 2024-10-01 03:16 – Updated: 2024-11-11 07:15
Summary
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
Severity
8.1 (High)
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a resource with an insecure default
Assigner
References
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | Web Config | Affected: See the information/details provided by the vendor |
| seiko_epson_corporation | web_config | Affected: 0, < * (custom); `cpe:2.3:a:seiko_epson_corporation:web_config:*:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:seiko_epson_corporation:web_config:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "web_config",
"vendor": "seiko_epson_corporation",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:01:15.326202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:01:18.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "See the information/details provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "Initialization of a resource with an insecure default",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T07:15:21.646Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://epson.com/Support/wa00958"
},
{
"url": "https://www.epson.jp/support/misc_t/240930_03_oshirase.htm"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95133448/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47295",
"datePublished": "2024-10-01T03:16:40.052Z",
"dateReserved": "2024-09-24T08:32:15.357Z",
"dateUpdated": "2024-11-11T07:15:21.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38556 (GCVE-0-2023-38556)
Vulnerability from nvd – Published: 2023-08-02 07:19 – Updated: 2024-10-21 20:04
Summary
Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer.
[Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper input validation
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printer Web Config | Affected: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/230802_oshirase.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN61337171/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T20:04:30.379958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:04:46.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printer Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer.\r\n[Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T07:19:26.549Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/230802_oshirase.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN61337171/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38556",
"datePublished": "2023-08-02T07:19:26.549Z",
"dateReserved": "2023-07-20T05:02:21.624Z",
"dateUpdated": "2024-10-21T20:04:46.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27520 (GCVE-0-2023-27520)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-10 21:27
Summary
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printers/network interface Web Config | Affected: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T21:27:03.425152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T21:27:09.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printers/network interface Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27520",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-02T00:00:00.000Z",
"dateUpdated": "2025-02-10T21:27:09.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23572 (GCVE-0-2023-23572)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-11 15:51
Summary
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site scripting
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printers/network interface Web Config | Affected: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:50:11.024574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:51:26.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printers/network interface Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-23572",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-02T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:51:26.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5681 (GCVE-0-2020-5681)
Vulnerability from nvd – Published: 2020-12-24 01:20 – Updated: 2024-08-04 08:39
Summary
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.epson.jp/support/misc_t/201217_oshirase.htm | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN94244575/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | EpsonNet SetupManager and Offirio SynergyWare PrintDirector | Affected: EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/201217_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN94244575/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EpsonNet SetupManager and Offirio SynergyWare PrintDirector",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T01:20:20.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/misc_t/201217_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN94244575/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EpsonNet SetupManager and Offirio SynergyWare PrintDirector",
"version": {
"version_data": [
{
"version_value": "EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier"
}
]
}
}
]
},
"vendor_name": "SEIKO EPSON CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.epson.jp/support/misc_t/201217_oshirase.htm",
"refsource": "MISC",
"url": "https://www.epson.jp/support/misc_t/201217_oshirase.htm"
},
{
"name": "https://jvn.jp/en/jp/JVN94244575/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN94244575/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5681",
"datePublished": "2020-12-24T01:20:20.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5674 (GCVE-0-2020-5674)
Vulnerability from nvd – Published: 2020-11-24 06:55 – Updated: 2024-08-04 08:39
Summary
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.epson.jp/support/misc_t/201119_oshirase.htm | x_refsource_MISC |
| https://www.epson.jp/support/pdf/fy20-001_softwar… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN26835001/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | the installers of multiple SEIKO EPSON products | Affected: A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "the installers of multiple SEIKO EPSON products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-24T06:55:23.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "the installers of multiple SEIKO EPSON products",
"version": {
"version_data": [
{
"version_value": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
}
]
},
"vendor_name": "SEIKO EPSON CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.epson.jp/support/misc_t/201119_oshirase.htm",
"refsource": "MISC",
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"name": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf",
"refsource": "MISC",
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"name": "https://jvn.jp/en/jp/JVN26835001/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5674",
"datePublished": "2020-11-24T06:55:23.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-23767 (GCVE-0-2026-23767)
Vulnerability from cvelistv5 – Published: 2026-03-05 05:34 – Updated: 2026-03-06 10:21
Summary
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Seiko Epson Corporation | ESC/POS | Affected: All products implementing ESC/POS | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-23767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T10:20:45.963541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T10:21:28.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ESC/POS",
"vendor": "Seiko Epson Corporation",
"versions": [
{
"status": "affected",
"version": "All products implementing ESC/POS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T05:34:40.895Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/260305_oshirase.htm"
},
{
"url": "https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdf"
},
{
"url": "https://jvn.jp/en/ta/JVNTA97995322/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-23767",
"datePublished": "2026-03-05T05:34:40.895Z",
"dateReserved": "2026-01-16T02:20:20.477Z",
"dateUpdated": "2026-03-06T10:21:28.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66635 (GCVE-0-2025-66635)
Vulnerability from cvelistv5 – Published: 2025-12-16 06:59 – Updated: 2025-12-22 02:27
Summary
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SEIKO EPSON CORPORATION | Web Config | Affected: See the information/details provided by the vendor | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T21:32:37.175744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:32:43.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "See the information/details provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T02:27:45.711Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/251216_oshirase.htm"
},
{
"url": "https://epson.com/Support/wa00971"
},
{
"url": "https://jvn.jp/en/jp/JVN51846148/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-66635",
"datePublished": "2025-12-16T06:59:25.611Z",
"dateReserved": "2025-12-10T06:27:24.088Z",
"dateUpdated": "2025-12-22T02:27:45.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64310 (GCVE-0-2025-64310)
Vulnerability from cvelistv5 – Published: 2025-11-21 02:36 – Updated: 2025-12-23 02:28
Summary
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper restriction of excessive authentication attempts
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SEIKO EPSON CORPORATION | EPSON WebConfig for SEIKO EPSON Projector Products | Affected: see the information provided by the vendor | |
| SEIKO EPSON CORPORATION | Epson Web Control for SEIKO EPSON Projector Products | Affected: see the information provided by the vendor | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T14:46:33.297574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T14:58:53.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EPSON WebConfig for SEIKO EPSON Projector Products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Epson Web Control for SEIKO EPSON Projector Products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user\u0027s password may be identified through a brute force attack."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper restriction of excessive authentication attempts",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T02:28:01.044Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.co.uk/en_GB/faq/KA-02041/contents?loc=en-us"
},
{
"url": "https://www.epson.jp/support/misc_t/251120_oshirase.htm"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95021911/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-64310",
"datePublished": "2025-11-21T02:36:35.115Z",
"dateReserved": "2025-10-30T00:25:25.443Z",
"dateUpdated": "2025-12-23T02:28:01.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-42598 (GCVE-0-2025-42598)
Vulnerability from cvelistv5 – Published: 2025-04-28 08:20 – Updated: 2025-04-28 16:10
Summary
Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printer drivers for Windows OS | Affected: see the information provided by SEIKO EPSON CORPORATION. | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-42598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T16:06:33.551722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:10:51.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printer drivers for Windows OS",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "see the information provided by SEIKO EPSON CORPORATION."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker\u0027s choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T08:20:56.756Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.co.uk/en_GB/faq/KA-01993/contents?loc=en-us"
},
{
"url": "https://www.epson.jp/support/misc_t/250428_oshirase.htm"
},
{
"url": "https://www2.epson.jp/support/misc_t/windrv_productlist.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90649144/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-42598",
"datePublished": "2025-04-28T08:20:56.756Z",
"dateReserved": "2025-04-16T11:56:26.983Z",
"dateUpdated": "2025-04-28T16:10:51.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47295 (GCVE-0-2024-47295)
Vulnerability from cvelistv5 – Published: 2024-10-01 03:16 – Updated: 2024-11-11 07:15
Summary
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
Severity
8.1 (High)
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a resource with an insecure default
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SEIKO EPSON CORPORATION | Web Config | Affected: See the information/details provided by the vendor | |
| seiko_epson_corporation | web_config | Affected: 0 , < * (custom) | cpe:2.3:a:seiko_epson_corporation:web_config:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:seiko_epson_corporation:web_config:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "web_config",
"vendor": "seiko_epson_corporation",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:01:15.326202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:01:18.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "See the information/details provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "Initialization of a resource with an insecure default",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T07:15:21.646Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://epson.com/Support/wa00958"
},
{
"url": "https://www.epson.jp/support/misc_t/240930_03_oshirase.htm"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95133448/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47295",
"datePublished": "2024-10-01T03:16:40.052Z",
"dateReserved": "2024-09-24T08:32:15.357Z",
"dateUpdated": "2024-11-11T07:15:21.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38556 (GCVE-0-2023-38556)
Vulnerability from cvelistv5 – Published: 2023-08-02 07:19 – Updated: 2024-10-21 20:04
Summary
Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer.
[Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper input validation
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printer Web Config | Affected: unspecified | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/230802_oshirase.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN61337171/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T20:04:30.379958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:04:46.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printer Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer.\r\n[Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T07:19:26.549Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/230802_oshirase.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN61337171/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38556",
"datePublished": "2023-08-02T07:19:26.549Z",
"dateReserved": "2023-07-20T05:02:21.624Z",
"dateUpdated": "2024-10-21T20:04:46.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23572 (GCVE-0-2023-23572)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-11 15:51
Summary
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site scripting
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printers/network interface Web Config | Affected: unspecified | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:50:11.024574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:51:26.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printers/network interface Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-23572",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-02T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:51:26.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27520 (GCVE-0-2023-27520)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-10 21:27
Summary
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SEIKO EPSON CORPORATION | SEIKO EPSON printers/network interface Web Config | Affected: unspecified | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T21:27:03.425152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T21:27:09.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEIKO EPSON printers/network interface Web Config",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN82424996/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27520",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-02T00:00:00.000Z",
"dateUpdated": "2025-02-10T21:27:09.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5681 (GCVE-0-2020-5681)
Vulnerability from cvelistv5 – Published: 2020-12-24 01:20 – Updated: 2024-08-04 08:39
Summary
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.epson.jp/support/misc_t/201217_oshirase.htm | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN94244575/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | EpsonNet SetupManager and Offirio SynergyWare PrintDirector | Affected: EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/201217_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN94244575/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EpsonNet SetupManager and Offirio SynergyWare PrintDirector",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T01:20:20.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/misc_t/201217_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN94244575/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EpsonNet SetupManager and Offirio SynergyWare PrintDirector",
"version": {
"version_data": [
{
"version_value": "EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier"
}
]
}
}
]
},
"vendor_name": "SEIKO EPSON CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.epson.jp/support/misc_t/201217_oshirase.htm",
"refsource": "MISC",
"url": "https://www.epson.jp/support/misc_t/201217_oshirase.htm"
},
{
"name": "https://jvn.jp/en/jp/JVN94244575/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN94244575/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5681",
"datePublished": "2020-12-24T01:20:20.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5674 (GCVE-0-2020-5674)
Vulnerability from cvelistv5 – Published: 2020-11-24 06:55 – Updated: 2024-08-04 08:39
Summary
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.epson.jp/support/misc_t/201119_oshirase.htm | x_refsource_MISC |
| https://www.epson.jp/support/pdf/fy20-001_softwar… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN26835001/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SEIKO EPSON CORPORATION | the installers of multiple SEIKO EPSON products | Affected: A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "the installers of multiple SEIKO EPSON products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-24T06:55:23.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "the installers of multiple SEIKO EPSON products",
"version": {
"version_data": [
{
"version_value": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
}
]
},
"vendor_name": "SEIKO EPSON CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.epson.jp/support/misc_t/201119_oshirase.htm",
"refsource": "MISC",
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"name": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf",
"refsource": "MISC",
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"name": "https://jvn.jp/en/jp/JVN26835001/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5674",
"datePublished": "2020-11-24T06:55:23.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}