VAR-202303-0412
Vulnerability from variot - Updated: 2025-02-11 23:02

Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with administrative privileges to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interfaces via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interfaces provided by SEIKO EPSON CORPORATION. For details of the affected product names/model numbers, refer to the information provided by the vendor. The vulnerability was reported to IPA, and JPCERT/CC coordinated with the developer. Reporters: Mayoya Noma, Yuta Morii, Hiroki Yasui, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University.

The potential impact varies for each vulnerability:
・An arbitrary script may be executed in the web browser of a user who accesses the product's settings screen - CVE-2023-23572
・If a user who is logged in to the product's settings screen accesses a specially crafted page, the product's settings may be changed - CVE-2023-27520

Note: this entry tracks CVE-2023-23572, the cross-site scripting issue (CWE-79); the source advisory also covers CVE-2023-27520, which the record lists as cross-site request forgery (CWE-352). The record's "type" value of "cross-site request forgery" is sourced from CNNVD and appears to reflect that second issue, so triage on the CVE and CWE identifiers, not on that label.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-0412",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lp-8200c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw1s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s8100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw3s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esnsb1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7500ps",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-8700ps3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5300r",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5300",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s310n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000ps",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw6",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7u",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esnsb2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9600s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-8500c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9600",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "pa-w11g2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "pa-w11g",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200ps3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s6500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4200",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9300",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2ac",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200ps2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2sac",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000z",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esifnw1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9800c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s6000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s300n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000r",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200b",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": "this product has been installed in some seiko epson printers network interface products. please check the information provided by the developer for the products that have been installed."
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": "according to the developer, in some products remote manager it is said that it is sometimes called."
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"cve": "CVE-2023-23572",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-000022",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2023-23572",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-000022",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-23572",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-23572",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2023-000022",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-913",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yokohama National University Mayoya Noma Mr. Yuta Morii Mr. Hiroki Yasui Mr. Takayuki Sasaki Mr. Katsunari Yoshioka MrThe potential impact will vary for each vulnerability, but you may be affected by:\u30fbThe number of users who accessed the setting screen of the product Web Arbitrary scripts are executed on the browser - CVE-2023-23572 \u30fbIf a user who is logged in to the product\u0027s setting screen accesses a specially crafted page, the product\u0027s settings are changed. - CVE-2023-27520",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-23572"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-23572",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVN82424996",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000022",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"id": "VAR-202303-0412",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-02-11T23:02:18.811000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "of printers and network interface products Web\u00a0Config about vulnerabilities in",
"trust": 0.8,
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"title": "EPSON printer Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234196"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn82424996/"
},
{
"trust": 1.6,
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn82424996/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23572"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27520"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-23572/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"date": "2023-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"date": "2023-04-11T09:15:07.707000",
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-03T08:34:00",
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"date": "2025-02-11T16:15:31.730000",
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seiko Epson printers and network interface products \u00a0Web\u00a0Config\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
}
],
"trust": 0.6
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.