#VU73150 Cross-site request forgery in Seiko Epson Corporation products - CVE-2023-23572
Published: March 8, 2023
Vulnerability identifier: #VU73150
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-23572
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Web Config
LP-9200PS2
LP-9200PS3
LP-8200C
LP-9600
LP-9600S
LP-9300
LP-8500C
LP-3000C
LP-8700PS3
LP-9800C
LP-S5500
LP-9200B
LP-9200C
LP-S4500
LP-S6500
LP-S7000
LP-S5000
LP-S4000
LP-S6000
LP-S5000R
LP-S5000Z
LP-S5000ZR
LP-S5300
LP-S5300R
LP-S300N
LP-S210
LP-S310
LP-S310N
LP-S3000
LP-S3000R
LP-S3000Z
LP-S3000PS
LP-S7500
LP-S7500AS
LP-S7500AH
LP-S7500AP
LP-S3500
LP-S4200
LP-S9000
LP-S7100
LP-S8100
PRIFNW1
PRIFNW1S
PRIFNW2
PRIFNW2AC
PRIFNW2S
PRIFNW2SAC
PRIFNW3
PRIFNW3S
PRIFNW6
PRIFNW7
PRIFNW7U
PRIFNW7S
PA-W11G
PA-11G2
ESNSB1
ESNSB2
ESIFNW1
SC-T3250
SC-T3255
SC-T5250
SC-T5255
SC-T7250
SC-T7255
SC-T5250D
SC-T5255D
SC-T7250D
SC-T7255D
SC-P5050
SC-P7050
SC-P9050
SC-P6050
SC-P8050
SC-P20050
SC-S80650
SC-S60650
SC-S40650
SC-S60650L
SC-S80650L
SC-F7200
SC-F6350
SC-F9450
SC-F9450H
SC-F2150
TM-C7500
TM-C3500
TM-C3400
PX-B510
PX-B500
PX-5800
PX-5002
PX-5V
PX-7V
SC-PX7V2
SC-PX5V2
SC-PX3V
PX-6250S
PX-6550
PX-7500N
PX-7550
PX-7550S
PX-9500N
PX-9550
PX-9550S
PX-20000
STYLUS PRO GS6000
PX-W8000
PX-F8000
PX-F8000M
PX-F10000
PX-H6000
PX-H7000
PX-H8000
PX-H9000
PX-H10000
SC-T3050
SC-T5050
SC-T7050
SC-P10050
SC-S30650
SC-S50650
SC-S70650
SC-F6000
SC-F7000
SC-F7100
SC-F6200
SC-F9200
SC-F9350
SC-F2000
Web Config
LP-9200PS2
LP-9200PS3
LP-8200C
LP-9600
LP-9600S
LP-9300
LP-8500C
LP-3000C
LP-8700PS3
LP-9800C
LP-S5500
LP-9200B
LP-9200C
LP-S4500
LP-S6500
LP-S7000
LP-S5000
LP-S4000
LP-S6000
LP-S5000R
LP-S5000Z
LP-S5000ZR
LP-S5300
LP-S5300R
LP-S300N
LP-S210
LP-S310
LP-S310N
LP-S3000
LP-S3000R
LP-S3000Z
LP-S3000PS
LP-S7500
LP-S7500AS
LP-S7500AH
LP-S7500AP
LP-S3500
LP-S4200
LP-S9000
LP-S7100
LP-S8100
PRIFNW1
PRIFNW1S
PRIFNW2
PRIFNW2AC
PRIFNW2S
PRIFNW2SAC
PRIFNW3
PRIFNW3S
PRIFNW6
PRIFNW7
PRIFNW7U
PRIFNW7S
PA-W11G
PA-11G2
ESNSB1
ESNSB2
ESIFNW1
SC-T3250
SC-T3255
SC-T5250
SC-T5255
SC-T7250
SC-T7255
SC-T5250D
SC-T5255D
SC-T7250D
SC-T7255D
SC-P5050
SC-P7050
SC-P9050
SC-P6050
SC-P8050
SC-P20050
SC-S80650
SC-S60650
SC-S40650
SC-S60650L
SC-S80650L
SC-F7200
SC-F6350
SC-F9450
SC-F9450H
SC-F2150
TM-C7500
TM-C3500
TM-C3400
PX-B510
PX-B500
PX-5800
PX-5002
PX-5V
PX-7V
SC-PX7V2
SC-PX5V2
SC-PX3V
PX-6250S
PX-6550
PX-7500N
PX-7550
PX-7550S
PX-9500N
PX-9550
PX-9550S
PX-20000
STYLUS PRO GS6000
PX-W8000
PX-F8000
PX-F8000M
PX-F10000
PX-H6000
PX-H7000
PX-H8000
PX-H9000
PX-H10000
SC-T3050
SC-T5050
SC-T7050
SC-P10050
SC-S30650
SC-S50650
SC-S70650
SC-F6000
SC-F7000
SC-F7100
SC-F6200
SC-F9200
SC-F9350
SC-F2000
Software vendor:
Seiko Epson Corporation
Seiko Epson Corporation
Description
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
Remediation
Install update from vendor's website.