CVE-2018-0689

EPSS 0.63%
Published 09.01.2019 23:29:01
Last modified 21.11.2024 03:38:44
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user's web browser.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Epson ≫ Ds-570w Firmware Version < 2018-03-13

Epson ≫ Ds-570w Version-

Epson ≫ Ds-780n Firmware Version < 2018-03-13

Epson ≫ Ds-780n Version-

Epson ≫ Ep-10va Firmware Version < 2017-09-04

Epson ≫ Ep-10va Version-

Epson ≫ Ep-30va Firmware Version < 2017-06-19

Epson ≫ Ep-30va Version-

Epson ≫ Ep-707a Firmware Version < 2017-08-01

Epson ≫ Ep-707a Version-

Epson ≫ Ep-708a Firmware Version < 2017-08-07

Epson ≫ Ep-708a Version-

Epson ≫ Ep-709a Firmware Version < 2017-06-12

Epson ≫ Ep-709a Version-

Epson ≫ Ep-777a Firmware Version < 2017-08-01

Epson ≫ Ep-777a Version-

Epson ≫ Ep-807ab Firmware Version < 2017-08-01

Epson ≫ Ep-807ab Version-

Epson ≫ Ep-807aw Firmware Version < 2017-08-01

Epson ≫ Ep-807aw Version-

Epson ≫ Ep-807ar Firmware Version < 2017-08-01

Epson ≫ Ep-807ar Version-

Epson ≫ Ep-808ab Firmware Version < 2017-08-07

Epson ≫ Ep-808ab Version-

Epson ≫ Ep-808aw Firmware Version < 2017-08-07

Epson ≫ Ep-808aw Version-

Epson ≫ Ep-808ar Firmware Version < 2017-08-07

Epson ≫ Ep-808ar Version-

Epson ≫ Ep-879ab Firmware Version < 2017-06-12

Epson ≫ Ep-879ab Version-

Epson ≫ Ep-879aw Firmware Version < 2017-06-12

Epson ≫ Ep-879aw Version-

Epson ≫ Ep-879ar Firmware Version < 2017-06-12

Epson ≫ Ep-879ar Version-

Epson ≫ Ep-907f Firmware Version < 2017-08-01

Epson ≫ Ep-907f Version-

Epson ≫ Ep-977a3 Firmware Version < 2017-08-01

Epson ≫ Ep-977a3 Version-

Epson ≫ Ep-978a3 Firmware Version < 2017-08-07

Epson ≫ Ep-978a3 Version-

Epson ≫ Ep-979a3 Firmware Version < 2017-06-12

Epson ≫ Ep-979a3 Version-

Epson ≫ Ep-m570t Firmware Version < 2017-09-06

Epson ≫ Ep-m570t Version-

Epson ≫ Ew-m5071ft Firmware Version < 2017-11-02

Epson ≫ Ew-m5071ft Version-

Epson ≫ Ew-m660ft Firmware Version < 2018-04-19

Epson ≫ Ew-m660ft Version-

Epson ≫ Ew-m770t Firmware Version < 2017-09-06

Epson ≫ Ew-m770t Version-

Epson ≫ Pf-70 Firmware Version < 2018-04-20

Epson ≫ Pf-70 Version-

Epson ≫ Pf-71 Firmware Version < 2017-07-18

Epson ≫ Pf-71 Version-

Epson ≫ Pf-81 Firmware Version < 2017-09-14

Epson ≫ Pf-81 Version-

Epson ≫ Px-048a Firmware Version < 2017-07-04

Epson ≫ Px-048a Version-

Epson ≫ Px-049a Firmware Version < 2017-09-11

Epson ≫ Px-049a Version-

Epson ≫ Px-437a Firmware Version < 2017-07-24

Epson ≫ Px-437a Version-

Epson ≫ Px-m350f Firmware Version < 2018-02-23

Epson ≫ Px-m350f Version-

Epson ≫ Px-m5040f Firmware Version < 2017-11-20

Epson ≫ Px-m5040f Version-

Epson ≫ Px-m5041f Firmware Version < 2017-11-20

Epson ≫ Px-m5041f Version-

Epson ≫ Px-m650a Firmware Version < 2017-10-17

Epson ≫ Px-m650a Version-

Epson ≫ Px-m650f Firmware Version < 2017-10-17

Epson ≫ Px-m650f Version-

Epson ≫ Px-m680f Firmware Version < 2017-06-29

Epson ≫ Px-m680f Version-

Epson ≫ Px-m7050f Firmware Version < 2017-10-13

Epson ≫ Px-m7050f Version-

Epson ≫ Px-m7050fp Firmware Version < 2017-10-13

Epson ≫ Px-m7050fp Version-

Epson ≫ Px-m7050fx Firmware Version < 2017-11-07

Epson ≫ Px-m7050fx Version-

Epson ≫ Px-m7070fx Firmware Version < 2017-04-27

Epson ≫ Px-m7070fx Version-

Epson ≫ Px-m740f Firmware Version < 2017-06-29

Epson ≫ Px-m740f Version-

Epson ≫ Px-m781f Firmware Version < 2017-06-27

Epson ≫ Px-m781f Version-

Epson ≫ Px-m840f Firmware Version < 2017-11-16

Epson ≫ Px-m840f Version-

Epson ≫ Px-m840fx Firmware Version < 2017-12-08

Epson ≫ Px-m840fx Version-

Epson ≫ Px-m860f Firmware Version < 2017-10-25

Epson ≫ Px-m860f Version-

Epson ≫ Px-s05b Firmware Version < 2018-03-09

Epson ≫ Px-s05b Version-

Epson ≫ Px-s05w Firmware Version < 2018-03-09

Epson ≫ Px-s05w Version-

Epson ≫ Px-s350 Firmware Version < 2018-02-23

Epson ≫ Px-s350 Version-

Epson ≫ Px-s5040 Firmware Version < 2017-11-20

Epson ≫ Px-s5040 Version-

Epson ≫ Px-s7050 Firmware Version < 2018-02-21

Epson ≫ Px-s7050 Version-

Epson ≫ Px-s7050ps Firmware Version < 2018-02-21

Epson ≫ Px-s7050ps Version-

Epson ≫ Px-s7050x Firmware Version < 2017-11-07

Epson ≫ Px-s7050x Version-

Epson ≫ Px-s7070x Firmware Version < 2017-04-27

Epson ≫ Px-s7070x Version-

Epson ≫ Px-s740 Firmware Version < 2017-12-03

Epson ≫ Px-s740 Version-

Epson ≫ Px-s840 Firmware Version < 2017-11-16

Epson ≫ Px-s840 Version-

Epson ≫ Px-s840x Firmware Version < 2017-12-08

Epson ≫ Px-s840x Version-

Epson ≫ Px-s860 Firmware Version < 2017-12-07

Epson ≫ Px-s860 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.63%	0.678

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

https://jvn.jp/en/jp/JVN89767228/index.html

Third Party Advisory

VDB Entry

https://www.epson.jp/support/misc/20181203_oshirase.htm

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0689

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0689

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0689

EUVD