Security Vulnerabilities - CVEs Published In December 2018
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longer functions until a reboot.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-12-24
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.
CVSS Score
5.9
EPSS Score
0.003
Published
2018-12-24
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-12-24
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.
CVSS Score
9.1
EPSS Score
0.011
Published
2018-12-24
A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.
CVSS Score
8.7
EPSS Score
0.001
Published
2018-12-24
A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability.
CVSS Score
6.3
EPSS Score
0.003
Published
2018-12-24
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.
CVSS Score
9.8
EPSS Score
0.012
Published
2018-12-24
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.
CVSS Score
8.8
EPSS Score
0.213
Published
2018-12-24
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
CVSS Score
8.8
EPSS Score
0.009
Published
2018-12-24
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.
CVSS Score
8.8
EPSS Score
0.013
Published
2018-12-24