Details of VAR-202303-0411

ID

VAR-202303-0411

CVE

CVE-2023-27520

TITLE

Seiko Epson printers and network interface products Web Config Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-000022

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yokohama National University Mayoya Noma Mr. Yuta Morii Mr. Hiroki Yasui Mr. Takayuki Sasaki Mr. Katsunari Yoshioka MrThe potential impact will vary for each vulnerability, but you may be affected by:・The number of users who accessed the setting screen of the product Web Arbitrary scripts are executed on the browser - CVE-2023-23572 ・If a user who is logged in to the product's setting screen accesses a specially crafted page, the product's settings are changed. - CVE-2023-27520

Trust: 1.62

sources: NVD: CVE-2023-27520 // JVNDB: JVNDB-2023-000022

AFFECTED PRODUCTS

vendor:	epson	model:	lp-s5300r	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s310n	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-p8050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t7050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s300n	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t3255	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-8500c	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-9550	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-9550s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f6350	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-f10000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	tm-c3500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	esnsb2	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-p10050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-8200c	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t5250	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s40650	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s80650	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s4500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s60650	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s7000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s3500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	esnsb1	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t3050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw2ac	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s3000r	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw1s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	tm-c7500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-6550	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f9350	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-h10000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s7500ps	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-p7050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s9000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-px5v2	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-px3v	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t5250d	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-9500n	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-p6050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-5v	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f2150	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9600s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s30650	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw7s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-5800	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-7v	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t7250	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-h6000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f7100	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f7200	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9600	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	esifnw1	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f9450	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t7255d	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw2sac	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-b500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s8100	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s3000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s5300	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-w8000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-f8000m	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw3	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-7500n	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s3000z	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw7u	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s7500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s7100	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s3000ps	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s5000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9200ps3	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw2	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-5002	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-f8000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9300	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9200c	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s60650l	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-20000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f6000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	pa-w11g2	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s4000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-p20050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9200b	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s70650	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t7255	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-h7000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-px7v2	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-p9050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s6500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-p5050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw1	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-7550s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f9200	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9200ps2	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s80650l	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t5050	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t5255d	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw7	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f2000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-b510	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-8700ps3	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	stylus pro gs6000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t7250d	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-6250s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-9800c	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-h9000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-s50650	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw6	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s6000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t3250	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-7550	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s5500	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	px-h8000	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f9450h	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	lp-s4200	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-f6200	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	sc-t5255	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	pa-w11g	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw3s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	prifnw2s	scope:	eq	version:	-	Trust: 1.0
vendor:	epson	model:	tm-c3400	scope:	eq	version:	-	Trust: 1.0
vendor:	セイコーエプソン株式会社	model:	web config	scope:	eq	version:	this product has been installed in some seiko epson printers network interface products. please check the information provided by the developer for the products that have been installed.	Trust: 0.8
vendor:	セイコーエプソン株式会社	model:	web config	scope:	eq	version:	-	Trust: 0.8
vendor:	セイコーエプソン株式会社	model:	web config	scope:	eq	version:	according to the developer, in some products remote manager it is said that it is sometimes called.	Trust: 0.8

sources: JVNDB: JVNDB-2023-000022 // NVD: CVE-2023-27520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-27520
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202304-716
value:	MEDIUM
Trust: 0.6

IPA:	JVNDB-2023-000022
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2023-27520
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA:	JVNDB-2023-000022
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-000022 // CNNVD: CNNVD-202304-716 // NVD: CVE-2023-27520

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [IPA evaluation ]	Trust: 0.8
problemtype:	Cross-site request forgery (CWE-352) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-000022 // NVD: CVE-2023-27520

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-716

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202304-716

PATCH

title:	of printers and network interface products Web Config about vulnerabilities in	url:	https://www.epson.jp/support/misc_t/230308_oshirase.htm	Trust: 0.8
title:	EPSON printer Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=234167	Trust: 0.6

sources: JVNDB: JVNDB-2023-000022 // CNNVD: CNNVD-202304-716

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27520	Trust: 3.2
db:	JVN	id:	JVN82424996	Trust: 2.4
db:	JVNDB	id:	JVNDB-2023-000022	Trust: 0.8
db:	CNNVD	id:	CNNVD-202304-716	Trust: 0.6

sources: JVNDB: JVNDB-2023-000022 // CNNVD: CNNVD-202304-716 // NVD: CVE-2023-27520

REFERENCES

url:	https://jvn.jp/en/jp/jvn82424996/	Trust: 1.6
url:	https://www.epson.jp/support/misc_t/230308_oshirase.htm	Trust: 1.6
url:	https://jvn.jp/jp/jvn82424996/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23572	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-27520	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-27520/	Trust: 0.6

sources: JVNDB: JVNDB-2023-000022 // CNNVD: CNNVD-202304-716 // NVD: CVE-2023-27520

SOURCES

db:	JVNDB	id:	JVNDB-2023-000022
db:	CNNVD	id:	CNNVD-202304-716
db:	NVD	id:	CVE-2023-27520

LAST UPDATE DATE

2024-08-14T14:17:22.271000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-000022	date:	2024-06-03T08:34:00
db:	CNNVD	id:	CNNVD-202304-716	date:	2023-04-19T00:00:00
db:	NVD	id:	CVE-2023-27520	date:	2023-08-24T13:33:15.207

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-000022	date:	2023-03-08T00:00:00
db:	CNNVD	id:	CNNVD-202304-716	date:	2023-04-11T00:00:00
db:	NVD	id:	CVE-2023-27520	date:	2023-04-11T09:15:08.157