All the vulnerabilites related to SEIKO EPSON CORPORATION - (Multiple Products)
jvndb-2025-004079
Vulnerability from jvndb
Published
2025-04-30 11:46
Modified
2025-04-30 11:46
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS
Details
Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. * Incorrect default permissions (CWE-276) - CVE-2025-42598 Private security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
References
JVN https://jvn.jp/en/vu/JVNVU90649144/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2025-42598
Incorrect Default Permissions(CWE-276) https://cwe.mitre.org/data/definitions/276.html
Impacted products
SEIKO EPSON CORPORATION(Multiple Products)
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
  "dc:date": "2025-04-30T11:46+09:00",
  "dcterms:issued": "2025-04-30T11:46+09:00",
  "dcterms:modified": "2025-04-30T11:46+09:00",
  "description": "Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English.\r\n\r\n* Incorrect default permissions (CWE-276) - CVE-2025-42598\r\n\r\nPrivate security researcher Erkan Ekici reported this vulnerability to the developer and coordinated. The developer and JPCERT/CC published respective advisories in order to notify users of this vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004079.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-004079",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU90649144/index.html",
      "@id": "JVNVU#90649144",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-42598",
      "@id": "CVE-2025-42598",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/276.html",
      "@id": "CWE-276",
      "@title": "Incorrect Default Permissions(CWE-276)"
    }
  ],
  "title": "Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS"
}

jvndb-2020-000075
Vulnerability from jvndb
Published
2020-11-20 15:39
Modified
2020-11-20 15:39
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
Details
The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN https://jvn.jp/en/jp/JVN26835001/index.html
JVN https://jvn.jp/en/ta/JVNTA91240916/
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5674
NVD https://nvd.nist.gov/vuln/detail/CVE-2020-5674
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
SEIKO EPSON CORPORATION(Multiple Products)
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000075.html",
  "dc:date": "2020-11-20T15:39+09:00",
  "dcterms:issued": "2020-11-20T15:39+09:00",
  "dcterms:modified": "2020-11-20T15:39+09:00",
  "description": "The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000075.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000075",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN26835001/index.html",
      "@id": "JVN#26835001",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5674",
      "@id": "CVE-2020-5674",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5674",
      "@id": "CVE-2020-5674",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries"
}