Vulnerabilities ›

CVE-2020-36984

High

CWE-428 — Weakness Type

                    Published: Jan 28, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executables that will run with LocalSystem permissions.

🤖 AI Executive Summary

CVE-2020-36984 is a local privilege escalation vulnerability in EPSON printer software affecting the SENADB service through an unquoted service path. Attackers with local access can inject malicious executables into the service path to execute code with LocalSystem privileges. While no public exploit is available, the vulnerability poses significant risk to organizations using EPSON printers in networked environments, particularly in Saudi government and corporate settings.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 10:34

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government agencies, banking institutions, and large enterprises that rely on EPSON printer networks for document management. High-risk sectors include: (1) SAMA-regulated banking institutions using EPSON printers in secure environments, (2) NCA government agencies and ministries with networked printer infrastructure, (3) Healthcare facilities (MOH) using EPSON devices for medical record printing, (4) Energy sector (ARAMCO, SEC) with industrial printer deployments, (5) Telecommunications (STC, Mobily) with office printer networks. The vulnerability is particularly dangerous in shared office environments where multiple users have local system access.

🏢 Affected Saudi Sectors

Banking and Financial Services (SAMA-regulated) Government and Public Administration (NCA oversight) Healthcare (Ministry of Health) Energy and Utilities (ARAMCO, SEC) Telecommunications (STC, Mobily) Large Enterprises and Corporations Educational Institutions

🎯 MITRE ATT&CK Techniques

T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1547.011 - Boot or Logon Autostart Execution: Services T1134.003 - Access Token Manipulation: Make and Impersonate Token T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking T1036.003 - Masquerading: Rename System Utilities T1543.003 - Create or Modify System Process: Windows Service

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all EPSON printer software installations (version 1.124 and related versions) across the organization using asset inventory tools

2. Restrict local access to affected systems through Group Policy and access controls

3. Disable the SENADB service if not actively required: net stop SENADB and set startup type to Disabled

4. Monitor for suspicious process execution from C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\

Patching Guidance:

1. Download and apply the latest EPSON printer software patch from EPSON's official support portal

2. Verify the service path is properly quoted after patching

3. Test printer functionality in non-production environment before enterprise deployment

Compensating Controls (if patch unavailable):

1. Implement file integrity monitoring on the EPSON installation directory

2. Apply NTFS permissions to restrict write access to the service path directory

3. Use AppLocker or Windows Defender Application Control to whitelist legitimate EPSON executables

4. Deploy endpoint detection and response (EDR) solutions to monitor LocalSystem privilege execution

Detection Rules:

1. Monitor for process creation from C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ with parent process SENADB

2. Alert on any executable files created in the EPSON service path directory

3. Track SENADB service state changes and startup type modifications

4. Monitor for privilege escalation events following EPSON service execution

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع تثبيتات برنامج طابعات EPSON (الإصدار 1.124 والإصدارات ذات الصلة) عبر المنظمة باستخدام أدوات جرد الأصول

2. تقييد الوصول المحلي للأنظمة المتأثرة من خلال Group Policy وعناصر التحكم في الوصول

3. تعطيل خدمة SENADB إذا لم تكن مطلوبة بنشاط: net stop SENADB وتعيين نوع البدء إلى Disabled

4. مراقبة تنفيذ العمليات المريبة من C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\

إرشادات التصحيح:

1. تحميل وتطبيق أحدث تصحيح برنامج طابعات EPSON من بوابة دعم EPSON الرسمية

2. التحقق من أن مسار الخدمة مقتبس بشكل صحيح بعد التصحيح

3. اختبار وظيفة الطابعة في بيئة غير الإنتاج قبل نشر المؤسسة

عناصر التحكم التعويضية (إذا لم يكن التصحيح متاحاً):

1. تنفيذ مراقبة سلامة الملفات على دليل تثبيت EPSON

2. تطبيق أذونات NTFS لتقييد الوصول للكتابة إلى دليل مسار الخدمة

3. استخدام AppLocker أو Windows Defender Application Control لإدراج ملفات EPSON الشرعية

4. نشر حلول الكشف والاستجابة للنقاط النهائية (EDR) لمراقبة تنفيذ امتيازات LocalSystem

قواعد الكشف:

1. مراقبة إنشاء العمليات من C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ مع عملية الوالد SENADB

2. التنبيه على أي ملفات قابلة للتنفيذ تم إنشاؤها في دليل مسار خدمة EPSON

3. تتبع تغييرات حالة خدمة SENADB وتعديلات نوع البدء

4. مراقبة أحداث تصعيد الامتيازات بعد تنفيذ خدمة EPSON

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.6.1.1 - Access control policy A.6.2.1 - User registration and de-registration A.8.2.1 - Classification of information A.12.2.1 - Controls against malware A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.AM-2 - Software platforms and applications are inventoried PR.AC-1 - Identities and credentials are issued and managed PR.AC-4 - Access rights are managed PR.PT-1 - Security patches and updates are managed DE.CM-8 - Vulnerability scans are performed

🟡 ISO 27001:2022

A.5.1 - Management direction for information security A.6.1 - Internal organization A.8.1 - Asset management A.12.6 - Management of technical vulnerabilities A.14.2 - Development and support processes

🟣 PCI DSS v4.0.1

Requirement 2.2 - Configuration standards for system components Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning

🔗 References & Sources 3

🔗

https://www.epson.co.uk/support?productID=10820&os=22#drivers_and_manuals

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/48965

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/epson-seksmdbexe-unquoted-service-path

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-428

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-01-28

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-428

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2020-36984

💬 Comments

Introduce Yourself

Sign In Required