Cross-Site Request Forgeries (CSRF) Vulnerability


Vulnerability Reference: CVE-2023-27520

Description: A vulnerability has been identified in some Epson printers and network interface products in software (Web Config*) that can check the status of the product itself or change settings on a Web browser.

Impact
: By accessing a specially crafted page, the settings of the product itself may be changed through the Web Config of the product.

Currently, there are no reports of attacks exploiting this vulnerability.

Target products and countermeasures

  • Products other than the following are not affected because there are no vulnerabilities or measures have been taken at the time of shipment.

  • For products that are currently on sale, we plan to release countermeasure firmware as follows. After the firmware is released, we strongly recommend that you download it from the Epson website and apply the update.

  • For products that have not been supplied or are not scheduled to be supplied, we strongly recommend that you take measures by "Workaround method".

Product Name Countermeasure Scheduled Release
SureColor T3270 Series Apply firmware Mid-June 2023
SureColor T5270 Series Apply firmware Mid-June 2023
SureColor T7270 Series Apply firmware Mid-June 2023
SureColor T5270D Series Apply firmware Mid-June 2023
SureColor T7270D Series Apply firmware Mid-June 2023
SureColor T5200 Series Apply firmware Mid-June 2023
SureColor T7200 Series Apply firmware Mid-June 2023
SureColor T5200D Series Apply firmware Mid-June 2023
SureColor P5000 Series Apply firmware F/W Ver.: N027N2 (MP10.0)
T/I Release: 5 April, 2023
T/I No.: PR23-FWE-0010
SureColor P7000 Series Apply firmware F/W Ver.: LN002N6
T/I Release: 10 July 2023
SureColor P9000 Series Apply firmware F/W Ver.: LW002N6
T/I Release: 10 July 2023
SureColor P6000 Series Apply firmware F/W Ver.: NN002N6
T/I Release: 10 July 2023
SureColor P8000 Series Apply firmware F/W Ver.: NW002N6
T/I Release: 10 July 2023
SureColor P20000 Series Apply firmware Mid-July 2023
SureColor S80600 Series Apply firmware F/W Ver.: SA011MB(MP18.1)
T/I Release: 31 March, 2023
T/I No.: PR22-FWE-1967
SureColor S60600 Series Apply firmware F/W Ver.: HA027K2(MP16.2)
T/I Release: 31 March, 2023
T/I No.: PR22-FWE-1968
SureColor S40600 Series Apply firmware F/W Ver.: BA027K2(MP16.2)
T/I Release: 30 March, 2023
T/I No.: PR22-FWE-1963
SureColor S60600L Series Apply firmware F/W Ver.: HC001LA(MP5.1)
T/I Release: 31 March, 2023
T/I No.: PR22-FWE-1970
SureColor S80600L Series Apply firmware F/W Ver.: SC024M3(MP6.2)
T/I Release: 31 March, 2023
T/I No.: PR22-FWE-1969
SureColor F7200 Series Apply firmware F/W Ver.: CO011LA(MP9.1)
T/I Release: 31 March, 2023
T/I No.: PR22-FWE-1972
SureColor F6370 Apply firmware Late-September 2023
SureColor F9470 Apply firmware F/W Ver.: MT026L5(MP3.1)
T/I Release: 31 March, 2023
T/I No.: PR22-FWE-1971
SureColor F9470H Apply firmware F/W Ver.: MU026L5(MP3.1)
T/I Release: 31 March, 2023
T/I No.: PR22-FWE-1971
SureColor F2100 Series Apply firmware Early August 2023
TM-C7500 Apply firmware F/W Ver.: WAI34400
T/I Release: 27 March, 2023
T/I No.: TIE06224A
TM-C3500 Apply firmware F/W Ver.: WAM32500
T/I Release: 27 March, 2023
T/I No.: TIE06222A
TM-C3400 Workaround Below  
TM-C610 Workaround Below  
PX-B510 Workaround Below  
PX-B500 Workaround Below  
Stylus Pro 3800 Workaround Below  
Stylus Pro 3880 Workaround Below  
Stylus Photo R3000 Workaround Below  
Stylus Photo R2000 Workaround Below  
SureColor P400 Series Workaround Below  
SureColor P600 Series Workaround Below  
SureColor P800 Series Workaround Below  
Stylus Pro 4880 Workaround Below  
Stylus Pro 7880 Workaround Below  
Stylus Pro 9880 Workaround Below  
Stylus Pro 11880 Workaround Below  
Stylus Pro WT7900 Workaround Below  
Stylus Pro 7700 Workaround Below  
Stylus Pro 7710 Workaround Below  
Stylus Pro 9700 Workaround Below  
Stylus Pro 4900 Workaround Below  
Stylus Pro 7890 Workaround Below  
Stylus Pro 7900 Workaround Below  
Stylus Pro 9890 Workaround Below  
Stylus Pro 9900 Workaround Below  
SureColor T3000 Series Workaround Below  
SureColor T5000 Series Workaround Below  
SureColor T7000 Series Workaround Below  
SureColor P10000 Series Workaround Below  
SureColor S30600 Series Workaround Below  
SureColor S50600 Series Workaround Below  
SureColor S70600 Series Workaround Below  
SureColor F6200 Series Workaround Below  
SureColor F9200 Series Workaround Below  
SureColor F2000 Series Workaround Below  
SureColor F6070 Workaround Below  
SureColor F7070 Workaround Below  
SureColor F7170 Workaround Below  
SureColor F6200 Workaround Below  
SureColor F9200 Workaround Below  
SureColor F9370 Workaround Below  
EpsonNet 10/100 Base TX USB Print Server (C82402*) Workaround Below  
EpsonNet 10/100 Base TX USB Print Server (C82403*) Workaround Below  
EpsonNet 10/100 Base Tx High Speed Int.Print Server (C82405*) Workaround Below  
EpsonNet 802.11g wireless Ext. Print Server (C82422*) Workaround Below  
EpsonNet 10/100 Base Tx Int. Print Server 5 (C82434*) Workaround Below  
EpsonNet 10/100 Base Tx Int. Print Server 5e (C82435*) Workaround Below  
EpsonNet 802.11b/g Wireless and 10/100 Base Tx Ext. Print Server (C82437*) Workaround Below  
EpsonNet Authentication Print (C82440*) Workaround Below  
EpsonNet 10 Base 2/T Int. Print Server (C82362*) Workaround Below  
EpsonNet 10/100 Base Tx Ext. Print Server (C82363*) Workaround Below  
EpsonNet 10/100 Base Tx Ext. Print Server (C82364*) Workaround Below  
EpsonNet 10/100 Base Tx External Print Server (C82378*) Workaround Below  
EpsonNet 10/100 Base Tx Int. Print Server (C82384*) Workaround Below  
EpsonNet 10/100 Base Tx Int. Print Server 2 (C82391*) Workaround Below  
EpsonNet 802.11b Wireless Ext. Print Server (C82396*) Workaround Below  
EpsonNet 802.11b Wireless Ext. Print Server (C82397*) Workaround Below  
EpsonNet 802.11b Wireless Ext. Print Server (C82398*) Workaround Below  
EPSON Network Image Express (B80836*) Workaround Below  
EPSON Network Image Express Card (B80839*) Workaround Below  



Workaround Method

In order for customers to use the product safely and securely, please install and configure it according to the security guidebook here.

  • Installation according to the security guidebook
     
    1. Connecting to the internet

      The product should not be directly connected to the Internet and should be installed in a network protected by a firewall.

      In that case, please set a private IP address and operate.
       
    2. Administrator Password

      Set an administrator password for each product.

      The administrator password should be a complex string that is difficult for others to guess, such as mixing not only English characters but also symbols and numbers to make it 8 characters or more.
       
  • Stronger workaround - Block HTTP (TCP/80 port) access to the product

    1. Blocked by product

      For the following products, you can block HTTP access (TCP/80 port) in Web Config*.
       
      • Commercial and Industrial Printers

        SureColor T5200 Series, SureColor T7200 Series, and SureColor T5200D Series
         
    2. Shut off network equipment in the installation environment

      After configuring the product, block HTTP access (TCP/80 port) to the product with a network device (router or switch).

      Open the port only when you need to update the application settings or firmware.

*Due to blockage, the functions in Web Config may not be available.

Ao baixar arquivos desta página, você concorda com os termos e as condições do Acordo de Licença de Software da Epson.