All the vulnerabilites related to SEIKO EPSON CORPORATION - (Multiple Products)
jvndb-2025-004079
Vulnerability from jvndb
Published
2025-04-30 11:46
Modified
2025-04-30 11:46
Severity ?
Summary
Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS
Details
Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English.
* Incorrect default permissions (CWE-276) - CVE-2025-42598
Private security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU90649144/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-42598 | |
| Incorrect Default Permissions(CWE-276) | https://cwe.mitre.org/data/definitions/276.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SEIKO EPSON CORPORATION | (Multiple Products) |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
"dc:date": "2025-04-30T11:46+09:00",
"dcterms:issued": "2025-04-30T11:46+09:00",
"dcterms:modified": "2025-04-30T11:46+09:00",
"description": "Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English.\r\n\r\n* Incorrect default permissions (CWE-276) - CVE-2025-42598\r\n\r\nPrivate security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-004079",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90649144/index.html",
"@id": "JVNVU#90649144",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-42598",
"@id": "CVE-2025-42598",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/276.html",
"@id": "CWE-276",
"@title": "Incorrect Default Permissions(CWE-276)"
}
],
"title": "Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS"
}
jvndb-2025-010972
Vulnerability from jvndb
Published
2025-08-08 14:50
Modified
2025-08-08 14:50
Severity ?
Summary
Multiple SEIKO EPSON products use weak initial passwords
Details
Multiple SEIKO EPSON products contain the following vulnerability.
<ul><li>Use of weak credentials (CWE-1391) - CVE-2025-35970</li>
<ul><li>The initial administrator password is easy to guess from the information available via SNMP</li></ul>
</ul>
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU91363496/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-35970 | |
| Use of Weak Credentials(CWE-1391) | https://cwe.mitre.org/data/definitions/1391.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SEIKO EPSON CORPORATION | (Multiple Products) |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010972.html",
"dc:date": "2025-08-08T14:50+09:00",
"dcterms:issued": "2025-08-08T14:50+09:00",
"dcterms:modified": "2025-08-08T14:50+09:00",
"description": "Multiple SEIKO EPSON products contain the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2025-35970\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThe initial administrator password is easy to guess from the information available via SNMP\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nSEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010972.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-010972",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91363496/index.html",
"@id": "JVNVU#91363496",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-35970",
"@id": "CVE-2025-35970",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1391.html",
"@id": "CWE-1391",
"@title": "Use of Weak Credentials(CWE-1391)"
}
],
"title": "Multiple SEIKO EPSON products use weak initial passwords"
}
jvndb-2025-008145
Vulnerability from jvndb
Published
2025-07-08 14:08
Modified
2025-07-08 14:08
Severity ?
Summary
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Details
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and launches it in the middle of the execution.
"helper tool" contains the following vulnerability.
<ul><li>Missing authentication for critical function (CWE-306) - CVE-2025-4960</li>
<ul><li>This is exploitable only while "helper tool" is running.</li></ul>
</ul>
Carlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU93543156/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-4960 | |
| Missing Authentication for Critical Function(CWE-306) | https://cwe.mitre.org/data/definitions/306.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SEIKO EPSON CORPORATION | (Multiple Products) |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
"dc:date": "2025-07-08T14:08+09:00",
"dcterms:issued": "2025-07-08T14:08+09:00",
"dcterms:modified": "2025-07-08T14:08+09:00",
"description": "Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.\r\nEpson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON\u0027s products. It contains \"helper tool\" and launches it in the middle of the execution.\r\n\r\n\"helper tool\" contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2025-4960\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThis is exploitable only while \"helper tool\" is running.\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nCarlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-008145",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93543156/index.html",
"@id": "JVNVU#93543156",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-4960",
"@id": "CVE-2025-4960",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
}
],
"title": "Epson Web Installer for Mac vulnerable to missing authentication for critical function"
}
jvndb-2020-000075
Vulnerability from jvndb
Published
2020-11-20 15:39
Modified
2020-11-20 15:39
Severity ?
Summary
The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
Details
The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SEIKO EPSON CORPORATION | (Multiple Products) |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000075.html",
"dc:date": "2020-11-20T15:39+09:00",
"dcterms:issued": "2020-11-20T15:39+09:00",
"dcterms:modified": "2020-11-20T15:39+09:00",
"description": "The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000075.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000075",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN26835001/index.html",
"@id": "JVN#26835001",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5674",
"@id": "CVE-2020-5674",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5674",
"@id": "CVE-2020-5674",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries"
}