JVN#61337171
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
Overview
SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation.
Products Affected
- Web Config
Web Config is pre-installed on some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the developer.
Description
SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation (CWE-20).
Impact
The printer may be turned off by a remote attacker.
Solution
Apply workarounds
The developer strongly recommends users to apply workarounds, as the update firmware for the printers is not planned to be released.
For more information, refer to the information provided by the developer.
Vendor Status
Vendor | Link |
SEIKO EPSON CORPORATION | Vulnerability in SEIKO EPSON printers Web Config (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | ||
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | ||
Scope(S) | Unchanged (U) | Changed (C) | ||
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) |
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
Authentication(Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2023-38556 |
JVN iPedia |
JVNDB-2023-000076 |