7.8

CVE-2020-5674

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Data is provided by the National Vulnerability Database (NVD)
EpsonAlbum Print Version- SwPlatformupdate_program
EpsonColorbase Version-
EpsonColorio Easy Print Version-
EpsonConnect Version-
EpsonCreativity Suite Version-
EpsonE-photo Version- SwPlatformcamera_raw
EpsonE-photo Version- SwPlatformpicture_motion_browser
EpsonEasy Photo Print Version- SwPlatform-
EpsonEasy Photo Print Version- SwPlatformcamera_raw
EpsonEasy Settings Version- SwPlatformoffice
EpsonImaging Workshop Version-
EpsonLink2 Version-
EpsonMulti-print Quicker Version- SwPlatformwindows
EpsonNet Config Version-
EpsonNet Config Se Version-
EpsonNet Print Version-
EpsonPhotolier Version-
EpsonPhotoquicker Version-
EpsonPhotostarter Version3.1
EpsonPm-t990 Integrated Installer Version- SwPlatformwindows
EpsonPrint Version- SwPlatformplaymemories_home
EpsonPrint Version- SwPlatformsilkypix
EpsonPrint Version- SwPlatformviewnx
EpsonPrint Layout Version- SwPlatformphotoshop
EpsonProlab Print Version-
EpsonProlab Print Version- SwPlatformcamera_raw
EpsonScan Icm Updater Version-
EpsonScanner Driver Version-
EpsonWeb To Page Version-
EpsonWebconfig Version-
EpsonUniversal Print Driver Version-
   MicrosoftWindows Version- HwPlatformx64
   MicrosoftWindows Version- HwPlatformx86
EpsonStatus Monitor 2 Version-
   MicrosoftWindows Version-
EpsonStatus Monitor 3 Version-
   MicrosoftWindows Version-
EpsonEc-01 Firmware Version-
   EpsonEc-01 Version-
EpsonPrint Image Framer Tool Version-
   MicrosoftWindows 98 Version-
   MicrosoftWindows Me Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.21
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.