var-202303-0412
Vulnerability from variot
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interfaces via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interfaces provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. Reported via IPA; JPCERT/CC coordinated with the developer. Reporters (Yokohama National University): Mayoya Noma, Yuta Morii, Hiroki Yasui, Takayuki Sasaki, Katsunari Yoshioka. The potential impact varies by vulnerability:
・Arbitrary scripts are executed in the web browser of a user who accessed the product's setting screen - CVE-2023-23572
・If a user who is logged in to the product's setting screen accesses a specially crafted page, the product's settings are changed - CVE-2023-27520
The advisory therefore covers two separate issues: the cross-site scripting flaw tracked by this entry (CVE-2023-23572, CWE-79) and a cross-site request forgery flaw (CVE-2023-27520, CWE-352); some CNNVD-sourced fields in the record below (the "type" value and one patch title) describe the latter.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-0412", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "lp-s5300r", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s310n", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s3000", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s5300", "scope": "eq", "trust": 1.0, "vendor": "epson", 
"version": null }, { "model": "prifnw3", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s300n", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s3000z", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-8500c", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s7500", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw7u", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s7100", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s3000ps", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s5000", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9200ps3", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw2", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "esnsb2", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-8200c", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9300", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9200c", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s4500", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "pa-w11g2", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s4000", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s7000", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s3500", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9200b", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "esnsb1", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { 
"model": "prifnw2ac", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s3000r", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw1s", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s6500", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s7500ps", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw1", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s9000", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9200ps2", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw7", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9600s", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-8700ps3", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw7s", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9800c", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw6", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s6000", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-9600", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s5500", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "esifnw1", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s4200", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw2sac", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "lp-s8100", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "pa-w11g", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": 
"prifnw3s", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "prifnw2s", "scope": "eq", "trust": 1.0, "vendor": "epson", "version": null }, { "model": "web config", "scope": "eq", "trust": 0.8, "vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "version": "this product has been installed in some seiko epson printers network interface products. please check the information provided by the developer for the products that have been installed." }, { "model": "web config", "scope": "eq", "trust": 0.8, "vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "web config", "scope": "eq", "trust": 0.8, "vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "version": "according to the developer, in some products remote manager it is said that it is sometimes called." } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "db": "NVD", "id": "CVE-2023-23572" } ] }, "cve": "CVE-2023-23572", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "IPA", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": 
"JVNDB-2023-000022", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.7, "id": "CVE-2023-23572", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.8, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2023-000022", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "High", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-23572", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2023-000022", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202304-913", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "db": "CNNVD", "id": "CNNVD-202304-913" }, { "db": "NVD", "id": "CVE-2023-23572" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an 
administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yokohama National University Mayoya Noma Mr. Yuta Morii Mr. Hiroki Yasui Mr. Takayuki Sasaki Mr. Katsunari Yoshioka MrThe potential impact will vary for each vulnerability, but you may be affected by:\u30fbThe number of users who accessed the setting screen of the product Web Arbitrary scripts are executed on the browser - CVE-2023-23572 \u30fbIf a user who is logged in to the product\u0027s setting screen accesses a specially crafted page, the product\u0027s settings are changed. 
- CVE-2023-27520", "sources": [ { "db": "NVD", "id": "CVE-2023-23572" }, { "db": "JVNDB", "id": "JVNDB-2023-000022" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-23572", "trust": 3.2 }, { "db": "JVN", "id": "JVN82424996", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2023-000022", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-913", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "db": "CNNVD", "id": "CNNVD-202304-913" }, { "db": "NVD", "id": "CVE-2023-23572" } ] }, "id": "VAR-202303-0412", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.6666667 }, "last_update_date": "2024-08-14T14:17:22.297000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "of printers and network interface products Web\u00a0Config about vulnerabilities in", "trust": 0.8, "url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm" }, { "title": "EPSON printer Fixes for cross-site request forgery vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234196" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "db": "CNNVD", "id": "CNNVD-202304-913" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { 
"problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "db": "NVD", "id": "CVE-2023-23572" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://jvn.jp/en/jp/jvn82424996/" }, { "trust": 1.6, "url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm" }, { "trust": 0.8, "url": "https://jvn.jp/jp/jvn82424996/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23572" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27520" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-23572/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "db": "CNNVD", "id": "CNNVD-202304-913" }, { "db": "NVD", "id": "CVE-2023-23572" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "db": "CNNVD", "id": "CNNVD-202304-913" }, { "db": "NVD", "id": "CVE-2023-23572" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-000022" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-913" }, { "date": "2023-04-11T09:15:07.707000", "db": "NVD", "id": "CVE-2023-23572" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-03T08:34:00", "db": "JVNDB", 
"id": "JVNDB-2023-000022" }, { "date": "2023-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-913" }, { "date": "2023-08-24T13:33:32.147000", "db": "NVD", "id": "CVE-2023-23572" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-913" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Seiko Epson printers and network interface products \u00a0Web\u00a0Config\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-000022" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-913" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.