
6 vulnerabilities found for (Multiple Products) by SEIKO EPSON CORPORATION

jvndb-2026-006102
Vulnerability from jvndb
Published
2026-03-06 10:31
Modified
2026-03-06 10:31
Summary
Security issues in ESC/POS
Details
ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS. Products implementing ESC/POS need to be designed and operated with consideration of the following security issues:

Missing authentication for critical function (CWE-306)
ESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network.

Improper access control (CWE-284)
ESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network.

Cleartext transmission of sensitive information (CWE-319)
ESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communication is performed in plaintext. Consequently, attackers on the same network could be able to intercept or tamper with transmitted data.

JPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification.
This document was written by Seiko Epson Corporation and JPCERT/CC.
The issue regarding the lack of an authentication mechanism was reported to Seiko Epson Corporation by Michael Cook (FutileSkills), and coordinated by JPCERT/CC.
References
JVN https://jvn.jp/en/ta/JVNTA97995322/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2026-23767
Improper Access Control(CWE-284) https://cwe.mitre.org/data/definitions/284.html
Missing Authentication for Critical Function(CWE-306) https://cwe.mitre.org/data/definitions/306.html
Cleartext Transmission of Sensitive Information(CWE-319) https://cwe.mitre.org/data/definitions/319.html
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006102.html",
  "dc:date": "2026-03-06T10:31+09:00",
  "dcterms:issued": "2026-03-06T10:31+09:00",
  "dcterms:modified": "2026-03-06T10:31+09:00",
  "description": "ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS.\r\nProducts implementing ESC/POS need to be designed and operated with consideration of the following security issues:\r\n\r\nMissing authentication for critical function (CWE-306)\r\nESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network.\r\n\r\nImproper access control (CWE-284)\r\nESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network.\r\n\r\nCleartext transmission of sensitive information (CWE-319)\r\nESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communicate is performed in plaintext. Consequently, attackers on the same network could be able to intercept or tamper with transmitted data.\r\n\r\nJPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification.\r\nThis document was written by Seiko Epson Corporation and JPCERT/CC.\r\nThe issue regarding the lack of an authentication mechanism was reported to Seiko Epson Corporation by Michael Cook (FutileSkills), and coordinated by JPCERT/CC.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006102.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2026-006102",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/ta/JVNTA97995322/index.html",
      "@id": "JVNTA#97995322",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-23767",
      "@id": "CVE-2026-23767",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/284.html",
      "@id": "CWE-284",
      "@title": "Improper Access Control(CWE-284)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/306.html",
      "@id": "CWE-306",
      "@title": "Missing Authentication for Critical Function(CWE-306)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/319.html",
      "@id": "CWE-319",
      "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
    }
  ],
  "title": "Security issues in ESC/POS"
}

jvndb-2025-019621
Vulnerability from jvndb
Published
2025-11-21 15:31
Modified
2025-12-24 10:54
Severity ?
Summary
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts
Details
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.

* Improper restriction of excessive authentication attempts (CWE-307) - CVE-2025-64310

Vladislav Khegay and Aigerim Alibek of Astana IT University reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. SEIKO EPSON CORPORATION and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
References
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-019621.html",
  "dc:date": "2025-12-24T10:54+09:00",
  "dcterms:issued": "2025-11-21T15:31+09:00",
  "dcterms:modified": "2025-12-24T10:54+09:00",
  "description": "EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.\u003cul\u003e\u003cli\u003eImproper restriction of excessive authentication attempts (CWE-307) - CVE-2025-64310\u003c/li\u003e\u003c/ul\u003e\r\nVladislav Khegay and Aigerim Alibek of Astana IT University reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. SEIKO EPSON CORPORATION and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-019621.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-019621",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU95021911/index.html",
      "@id": "JVNVU#95021911",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-64310",
      "@id": "CVE-2025-64310",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/307.html",
      "@id": "CWE-307",
      "@title": "Improper Restriction of Excessive Authentication Attempts(CWE-307)"
    }
  ],
  "title": "EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts"
}

jvndb-2025-010972
Vulnerability from jvndb
Published
2025-08-08 14:50
Modified
2025-08-08 14:50
Severity ?
Summary
Multiple SEIKO EPSON products use weak initial passwords
Details
Multiple SEIKO EPSON products contain the following vulnerability.

* Use of weak credentials (CWE-1391) - CVE-2025-35970
  * The initial administrator password is easy to guess from the information available via SNMP

SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010972.html",
  "dc:date": "2025-08-08T14:50+09:00",
  "dcterms:issued": "2025-08-08T14:50+09:00",
  "dcterms:modified": "2025-08-08T14:50+09:00",
  "description": "Multiple SEIKO EPSON products contain the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2025-35970\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThe initial administrator password is easy to guess from the information available via SNMP\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nSEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010972.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-010972",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU91363496/index.html",
      "@id": "JVNVU#91363496",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-35970",
      "@id": "CVE-2025-35970",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1391.html",
      "@id": "CWE-1391",
      "@title": "Use of Weak Credentials(CWE-1391)"
    }
  ],
  "title": "Multiple SEIKO EPSON products use weak initial passwords"
}

jvndb-2025-008145
Vulnerability from jvndb
Published
2025-07-08 14:08
Modified
2025-07-08 14:08
Severity ?
Summary
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Details
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.
Epson Web Installer for Mac is used to install drivers for SEIKO EPSON's products. It contains a "helper tool" and launches it in the middle of its execution.

The "helper tool" contains the following vulnerability.

* Missing authentication for critical function (CWE-306) - CVE-2025-4960
  * This is exploitable only while the "helper tool" is running.

Carlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
  "dc:date": "2025-07-08T14:08+09:00",
  "dcterms:issued": "2025-07-08T14:08+09:00",
  "dcterms:modified": "2025-07-08T14:08+09:00",
  "description": "Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.\r\nEpson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON\u0027s products. It contains \"helper tool\" and launches it in the middle of the execution.\r\n\r\n\"helper tool\" contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2025-4960\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThis is exploitable only while \"helper tool\" is running.\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nCarlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-008145",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93543156/index.html",
      "@id": "JVNVU#93543156",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-4960",
      "@id": "CVE-2025-4960",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/306.html",
      "@id": "CWE-306",
      "@title": "Missing Authentication for Critical Function(CWE-306)"
    }
  ],
  "title": "Epson Web Installer for Mac vulnerable to missing authentication for critical function"
}

jvndb-2025-004079
Vulnerability from jvndb
Published
2025-04-30 11:46
Modified
2025-04-30 11:46
Severity ?
Summary
Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS
Details
Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English.

* Incorrect default permissions (CWE-276) - CVE-2025-42598

Private security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
  "dc:date": "2025-04-30T11:46+09:00",
  "dcterms:issued": "2025-04-30T11:46+09:00",
  "dcterms:modified": "2025-04-30T11:46+09:00",
  "description": "Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English.\r\n\r\n* Incorrect default permissions (CWE-276) - CVE-2025-42598\r\n\r\nPrivate security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-004079",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU90649144/index.html",
      "@id": "JVNVU#90649144",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-42598",
      "@id": "CVE-2025-42598",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/276.html",
      "@id": "CWE-276",
      "@title": "Incorrect Default Permissions(CWE-276)"
    }
  ],
  "title": "Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS"
}

jvndb-2020-000075
Vulnerability from jvndb
Published
2020-11-20 15:39
Modified
2020-11-20 15:39
Severity ?
Summary
The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
Details
The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000075.html",
  "dc:date": "2020-11-20T15:39+09:00",
  "dcterms:issued": "2020-11-20T15:39+09:00",
  "dcterms:modified": "2020-11-20T15:39+09:00",
  "description": "The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000075.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000075",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN26835001/index.html",
      "@id": "JVN#26835001",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5674",
      "@id": "CVE-2020-5674",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5674",
      "@id": "CVE-2020-5674",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries"
}