Vulnerabilites related to epson - webconfig
var-202011-1263
Vulnerability from variot
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Yuji Higashiuchi MrArbitrary code can be executed with the privileges of running the installer
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "colorio easy print",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "link2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "net config se",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "e-photo",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "status monitor 3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "print",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "photostarter",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": "3.1"
},
{
"model": "colorbase",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "color calibration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "scan icm updater",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "scanner driver",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "photoquicker",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "easy settings",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prolab print",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "status monitor 2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "photolier",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "imaging workshop",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "easy photo print",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "multi-print quicker",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "ec-01",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "print image framer tool",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "web to page",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "creativity suite",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "remote printer driver",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "universal print driver",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "connect",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "net print",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "net software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "print layout",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "net config",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "album print",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "webconfig",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "pm-t990 integrated installer",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "seiko epson",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:epson:multiple_product",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
}
]
},
"cve": "CVE-2020-5674",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-5674",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-000075",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-183799",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-5674",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-000075",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5674",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000075",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1783",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-183799",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1783"
},
{
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Yuji Higashiuchi MrArbitrary code can be executed with the privileges of running the installer",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5674"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "VULHUB",
"id": "VHN-183799"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5674",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVN26835001",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000075",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1783",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-183799",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1783"
},
{
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"id": "VAR-202011-1263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183799"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:40:50.897000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30a8\u30d7\u30bd\u30f3\u88fd\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306eDLL\u8aad\u307f\u8fbc\u307f\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"title": "SEIKO EPSON CORPORATION Repair measures for code problems and vulnerabilities of multiple products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136427"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1783"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-426",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn26835001/index.html"
},
{
"trust": 1.7,
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"trust": 1.7,
"url": "https://www.epson.jp/support/pdf/fy20-001_softwarelist_20201106_b.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5674"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta91240916/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn26835001/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5674"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000075.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1783"
},
{
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1783"
},
{
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-183799"
},
{
"date": "2020-11-20T03:03:58",
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"date": "2020-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1783"
},
{
"date": "2020-11-24T07:15:11.937000",
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-183799"
},
{
"date": "2020-11-20T03:03:58",
"db": "JVNDB",
"id": "JVNDB-2020-000075"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1783"
},
{
"date": "2024-11-21T05:34:27.477000",
"db": "NVD",
"id": "CVE-2020-5674"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1783"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the installer of multiple products made by Seiko Epson DLL Read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000075"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1783"
}
],
"trust": 0.6
}
}
CVE-2020-5674 (GCVE-0-2020-5674)
Vulnerability from cvelistv5
Published
2020-11-24 06:55
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Untrusted search path vulnerability
Summary
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.epson.jp/support/misc_t/201119_oshirase.htm | x_refsource_MISC | |
| https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN26835001/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SEIKO EPSON CORPORATION | the installers of multiple SEIKO EPSON products |
Version: A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "the installers of multiple SEIKO EPSON products",
"vendor": "SEIKO EPSON CORPORATION",
"versions": [
{
"status": "affected",
"version": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-24T06:55:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "the installers of multiple SEIKO EPSON products",
"version": {
"version_data": [
{
"version_value": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
}
]
}
}
]
},
"vendor_name": "SEIKO EPSON CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.epson.jp/support/misc_t/201119_oshirase.htm",
"refsource": "MISC",
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"name": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf",
"refsource": "MISC",
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"name": "https://jvn.jp/en/jp/JVN26835001/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5674",
"datePublished": "2020-11-24T06:55:23",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-11-24 07:15
Modified
2024-11-21 05:34
Severity ?
Summary
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:album_print:-:*:*:*:*:update_program:*:*",
"matchCriteriaId": "48F91F47-D4DB-43A9-85FC-98A52D4656D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:color_calibration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EE867A-EE2E-469B-875F-B2E11F6508F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:colorbase:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEFA568-7007-466B-8746-B8AC1B2E74AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:colorio_easy_print:-:*:*:*:*:*:*:*",
"matchCriteriaId": "805121F0-EE95-411B-9D8F-217DE202DB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:connect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB25B1B2-6766-4FF5-BA83-AF4579DE905F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:creativity_suite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41CB4CD9-7A73-4EB5-A22B-EE46C2315732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:camera_raw:*:*",
"matchCriteriaId": "37FF3D98-82FB-4E87-BB64-371D64811C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:picture_motion_browser:*:*",
"matchCriteriaId": "893E9653-D468-4BF5-9F32-E7CAF9C655AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:-:*:*",
"matchCriteriaId": "D0FCC3A3-9E02-4CAA-A8B8-B7CA0084D672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:camera_raw:*:*",
"matchCriteriaId": "1287AFA1-D572-469D-852C-F2C39798EEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:easy_settings:-:*:*:*:*:office:*:*",
"matchCriteriaId": "3914291A-AF9C-4B97-AF99-FF9BC47961B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:imaging_workshop:-:*:*:*:*:*:*:*",
"matchCriteriaId": "757A2598-DFFB-42CC-AF5B-74B54F73FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:link2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D953E72-77C9-4AD2-9499-03511311E2DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:multi-print_quicker:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "68D2A328-0A73-4071-B39A-EC70C43FB03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_config:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9942B4-5EE6-46E3-B9A7-4DAB9DEC868D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_config_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9148DA8-7E6C-4B68-B0BF-6C30E6AA2E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_print:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFEB911-0397-4598-9125-83B42DF82300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:net_software_development_kit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0A183B-3EAB-4CB1-A92C-29814E884FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:photolier:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAD9BB8-5FC8-4A6E-BA04-0376D2B3829D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:photoquicker:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22864077-BA06-48E7-92C4-804C07540D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:photostarter:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21AF90FB-DC56-4D6D-9B3A-3BD9831B71E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:pm-t990_integrated_installer:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "3FAED136-5494-4BAC-86C2-FD78BAAB99C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:playmemories_home:*:*",
"matchCriteriaId": "5D975A2B-4A9A-4112-804E-572258A950E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:silkypix:*:*",
"matchCriteriaId": "6ACD4EF0-3737-40D3-9241-62F62A42C210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:viewnx:*:*",
"matchCriteriaId": "7C1D5774-AB44-4FBE-BE76-A1163E2FE229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:print_layout:-:*:*:*:*:photoshop:*:*",
"matchCriteriaId": "E239E07B-97BE-497E-8E23-E7360597CF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12C98ECC-AD46-4FA6-8EE5-3D8D40513095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:camera_raw:*:*",
"matchCriteriaId": "3FAA6D17-1E9A-4A03-8180-1E3F4C9DB3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:remote_printer_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D6E33D-8034-4D1F-96EF-F77D5263DAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:scan_icm_updater:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C67751C5-8A62-4EC1-84B3-0F6D8F7168B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:scanner_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21033145-DAB6-479E-972E-D4E06F043D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:web_to_page:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C039FA52-ACEA-4173-9DA5-A79E824D164C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:webconfig:-:*:*:*:*:*:*:*",
"matchCriteriaId": "621D2404-C063-4DEC-BD2D-65B01B4BC74A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:universal_print_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9EFF20-1E2F-45C9-8395-3D8CF1067357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "60366048-32FE-4081-A852-04319FD7A52C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:status_monitor_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52E77D28-30B0-459E-B121-5D6D381CFB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:epson:status_monitor_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0852ABB9-5632-471A-BE1B-A0DBF08DF706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:ec-01_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638E1D59-4F3E-4D51-B9D8-02A438B028B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:ec-01:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A73DE5CB-AFB3-4622-8F87-4842858B8A41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40FC681A-7B85-4495-8DCC-C459FE7E2F13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E44D629-D3EB-4F67-BF67-B25910453562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en los instaladores de m\u00faltiples productos SEIKO EPSON, permite a un atacante alcanzar privilegios por medio de una DLL de tipo caballo de Troya en un directorio no especificado"
}
],
"id": "CVE-2020-5674",
"lastModified": "2024-11-21T05:34:27.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-24T07:15:11.937",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN26835001/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}