PT-2026-4998 · Epson · Epson Status Monitor 3
Samalucard
·
Published
2026-01-27
·
Updated
2026-01-27
·
CVE-2020-36975
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EPSON Status Monitor 3 version 8.0
Description
The EPSON Status Monitor 3 utility has a flaw due to an unquoted service path. This could allow local attackers to execute arbitrary code. The vulnerable service binary path is 'C:Program FilesCommon FilesEPSONEPW!3SSRPE S60RPB.EXE'. Attackers can exploit this unquoted path to inject malicious executables and potentially gain elevated privileges.
Recommendations
Update EPSON Status Monitor 3 to a version where the service path is properly quoted.
As a temporary workaround, restrict access to the 'E S60RPB.EXE' file located in 'C:Program FilesCommon FilesEPSONEPW!3SSRP'.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Epson Status Monitor 3