3 vulnerabilities found for Web Config by SEIKO EPSON CORPORATION
jvndb-2024-009481
Vulnerability from jvndb
Published: 2024-10-01 14:14
Modified: 2024-11-12 10:25
Summary
Insecure initial password configuration issue in SEIKO EPSON Web Config
Details
Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial configuration no administrative password is set, and when a user connects the device and configures Web Config settings for the first time, the user is requested to set the password.
Therefore, when a product is connected to a network without the Web Config settings configured, an attacker may set an arbitrary password and operate the device with administrative privileges (CWE-1188).
George Puckett reported this vulnerability to CERT/CC.
Requested by CERT/CC, JPCERT/CC coordinated with the developer.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009481.html",
"dc:date": "2024-11-12T10:25+09:00",
"dcterms:issued": "2024-10-01T14:14+09:00",
"dcterms:modified": "2024-11-12T10:25+09:00",
"description": "Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings for the first time, the user is requested to set the password.\r\nTherefore, when a product is connected to network without the Web Config settings configured, arbitrary password may be set and the device may be operated with an administrative privilege by an attacker (CWE-1188).\r\n\r\nGeorge Puckett reported this vulnerability to CERT/CC.\r\nRequested by CERT/CC, JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009481.html",
"sec:cpe": {
"#text": "cpe:/a:epson:web_config",
"@product": "Web Config",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-009481",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95133448/index.html",
"@id": "JVNVU#95133448",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47295",
"@id": "CVE-2024-47295",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1188.html",
"@id": "CWE-1188",
"@title": "Insecure Default Initialization of Resource(CWE-1188)"
}
],
"title": "Insecure initial password configuration issue in SEIKO EPSON Web Config"
}
jvndb-2023-000076
Vulnerability from jvndb
Published: 2023-08-02 14:55
Modified: 2024-04-19 17:27
Summary
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
Details
SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation (CWE-20).
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000076.html",
"dc:date": "2024-04-19T17:27+09:00",
"dcterms:issued": "2023-08-02T14:55+09:00",
"dcterms:modified": "2024-04-19T17:27+09:00",
"description": "SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation (CWE-20).\r\n\r\nSEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000076.html",
"sec:cpe": {
"#text": "cpe:/a:epson:web_config",
"@product": "Web Config",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000076",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN61337171/index.html",
"@id": "JVN#61337171",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38556",
"@id": "CVE-2023-38556",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38556",
"@id": "CVE-2023-38556",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)"
}
jvndb-2023-000022
Vulnerability from jvndb
Published: 2023-03-08 15:09
Modified: 2024-06-03 17:36
Summary
Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
Details
Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below.
- Stored Cross-Site Scripting (CWE-79) - CVE-2023-23572
- Cross-Site Request Forgery (CWE-352) - CVE-2023-27520
Takaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000022.html",
"dc:date": "2024-06-03T17:36+09:00",
"dcterms:issued": "2023-03-08T15:09+09:00",
"dcterms:modified": "2024-06-03T17:36+09:00",
"description": "Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below.\r\n\u003cli\u003eStored cross-site Scripting (CWE-79) - CVE-2023-23572\r\n\u003cli\u003eCross-Site Request Forgery (CWE-352) - CVE-2023-27520\r\n\r\nTakaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000022.html",
"sec:cpe": {
"#text": "cpe:/a:epson:web_config",
"@product": "Web Config",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82424996/index.html",
"@id": "JVN#82424996",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27520",
"@id": "CVE-2023-27520",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-23572",
"@id": "CVE-2023-23572",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23572",
"@id": "CVE-2023-23572",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27520",
"@id": "CVE-2023-27520",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config"
}