CVE-2023-23572 : Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web

Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

Published 2023-04-11 09:15:08

Updated 2025-02-11 16:15:32

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2023-23572

Epson » Lp-9200ps2 Firmware » Version: N/A
cpe:2.3:o:epson:lp-9200ps2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9200ps2 » Version: N/A
Epson » Lp-9200ps3 Firmware » Version: N/A
cpe:2.3:o:epson:lp-9200ps3_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9200ps3 » Version: N/A
Epson » Lp-8200c Firmware » Version: N/A
cpe:2.3:o:epson:lp-8200c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-8200c » Version: N/A
Epson » Lp-9600 Firmware » Version: N/A
cpe:2.3:o:epson:lp-9600_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9600 » Version: N/A
Epson » Lp-9600s Firmware » Version: N/A
cpe:2.3:o:epson:lp-9600s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9600s » Version: N/A
Epson » Lp-9300 Firmware » Version: N/A
cpe:2.3:o:epson:lp-9300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9300 » Version: N/A
Epson » Lp-8500c Firmware » Version: N/A
cpe:2.3:o:epson:lp-8500c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-8500c » Version: N/A
Epson » Lp-8700ps3 Firmware » Version: N/A
cpe:2.3:o:epson:lp-8700ps3_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-8700ps3 » Version: N/A
Epson » Lp-9800c Firmware » Version: N/A
cpe:2.3:o:epson:lp-9800c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9800c » Version: N/A
Epson » Lp-s5500 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s5500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s5500 » Version: N/A
Epson » Lp-9200b Firmware » Version: N/A
cpe:2.3:o:epson:lp-9200b_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9200b » Version: N/A
Epson » Lp-9200c Firmware » Version: N/A
cpe:2.3:o:epson:lp-9200c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-9200c » Version: N/A
Epson » Lp-s4500 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s4500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s4500 » Version: N/A
Epson » Lp-s6500 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s6500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s6500 » Version: N/A
Epson » Lp-s7000 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s7000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s7000 » Version: N/A
Epson » Lp-s5000 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s5000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s5000 » Version: N/A
Epson » Lp-s4000 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s4000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s4000 » Version: N/A
Epson » Lp-s6000 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s6000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s6000 » Version: N/A
Epson » Lp-s5300 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s5300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s5300 » Version: N/A
Epson » Lp-s5300r Firmware » Version: N/A
cpe:2.3:o:epson:lp-s5300r_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s5300r » Version: N/A
Epson » Lp-s300n Firmware » Version: N/A
cpe:2.3:o:epson:lp-s300n_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s300n » Version: N/A
Epson » Lp-s310n Firmware » Version: N/A
cpe:2.3:o:epson:lp-s310n_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s310n » Version: N/A
Epson » Lp-s3000 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s3000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s3000 » Version: N/A
Epson » Lp-s3000r Firmware » Version: N/A
cpe:2.3:o:epson:lp-s3000r_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s3000r » Version: N/A
Epson » Lp-s3000z Firmware » Version: N/A
cpe:2.3:o:epson:lp-s3000z_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s3000z » Version: N/A
Epson » Lp-s3000ps Firmware » Version: N/A
cpe:2.3:o:epson:lp-s3000ps_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s3000ps » Version: N/A
Epson » Lp-s7500 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s7500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s7500 » Version: N/A
Epson » Lp-s7500ps Firmware » Version: N/A
cpe:2.3:o:epson:lp-s7500ps_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s7500ps » Version: N/A
Epson » Lp-s3500 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s3500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s3500 » Version: N/A
Epson » Lp-s4200 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s4200_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s4200 » Version: N/A
Epson » Lp-s9000 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s9000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s9000 » Version: N/A
Epson » Lp-s7100 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s7100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s7100 » Version: N/A
Epson » Lp-s8100 Firmware » Version: N/A
cpe:2.3:o:epson:lp-s8100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Lp-s8100 » Version: N/A
Epson » Prifnw1 Firmware » Version: N/A
cpe:2.3:o:epson:prifnw1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw1 » Version: N/A
Epson » Prifnw1s Firmware » Version: N/A
cpe:2.3:o:epson:prifnw1s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw1s » Version: N/A
Epson » Prifnw2 Firmware » Version: N/A
cpe:2.3:o:epson:prifnw2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw2 » Version: N/A
Epson » Prifnw2ac Firmware » Version: N/A
cpe:2.3:o:epson:prifnw2ac_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw2ac » Version: N/A
Epson » Prifnw2s Firmware » Version: N/A
cpe:2.3:o:epson:prifnw2s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw2s » Version: N/A
Epson » Prifnw2sac Firmware » Version: N/A
cpe:2.3:o:epson:prifnw2sac_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw2sac » Version: N/A
Epson » Prifnw3 Firmware » Version: N/A
cpe:2.3:o:epson:prifnw3_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw3 » Version: N/A
Epson » Prifnw3s Firmware » Version: N/A
cpe:2.3:o:epson:prifnw3s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw3s » Version: N/A
Epson » Prifnw6 Firmware » Version: N/A
cpe:2.3:o:epson:prifnw6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw6 » Version: N/A
Epson » Prifnw7 Firmware » Version: N/A
cpe:2.3:o:epson:prifnw7_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw7 » Version: N/A
Epson » Prifnw7u Firmware » Version: N/A
cpe:2.3:o:epson:prifnw7u_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw7u » Version: N/A
Epson » Prifnw7s Firmware » Version: N/A
cpe:2.3:o:epson:prifnw7s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Prifnw7s » Version: N/A
Epson » Pa-w11g Firmware » Version: N/A
cpe:2.3:o:epson:pa-w11g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Pa-w11g » Version: N/A
Epson » Pa-w11g2 Firmware » Version: N/A
cpe:2.3:o:epson:pa-w11g2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Pa-w11g2 » Version: N/A
Epson » Esnsb1 Firmware » Version: N/A
cpe:2.3:o:epson:esnsb1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Esnsb1 » Version: N/A
Epson » Esnsb2 Firmware » Version: N/A
cpe:2.3:o:epson:esnsb2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Esnsb2 » Version: N/A
Epson » Esifnw1 Firmware » Version: N/A
cpe:2.3:o:epson:esifnw1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Epson » Esifnw1 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-23572

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-23572

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	1.7	2.7	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-11
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None
4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	1.7	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2023-23572

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-23572

https://www.epson.jp/support/misc_t/230308_oshirase.htm

プリンターおよびネットワークインターフェイス製品のWeb Configにおける脆弱性について｜サポート&ダウンロード｜エプソン
Mitigation;Vendor Advisory

CVEs referencing this url
https://jvn.jp/en/jp/JVN82424996/

JVN#82424996: Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-23572

Products affected by CVE-2023-23572

Exploit prediction scoring system (EPSS) score for CVE-2023-23572

CVSS scores for CVE-2023-23572

CWE ids for CVE-2023-23572

References for CVE-2023-23572