Vulnerability in ESC/POS command for POS printers - Frequently Asked Questions

ESC/POS is a command system for controlling POS printers.
Vulnerabilities related to the communication specifications of ESC/POS command have been reported.

ESC/POS commands are sent and received between the printer and the network via the TCP/9100 port.
Note: TCP/9100 is a standard communication path for a network printer to receive print data directly from a host and execute printing.

ESC/POS and TCP/9100 are designed for use in closed networks and do not have pre-defined authentication
or encryption mechanisms, leading to the following vulnerabilities.

• No restrictions on sender

Any host in the network to which the printer is connected can send and execute any command to the printer.

• Communications are not encrypted

An attacker within the network to which the printer is connected can exploit communication content.
Note: The printer drivers of EPSON also use ESC/POS commands to print.

There are no reports of attacks exploiting this vulnerability until now.

To ensure the security of your EPSON product, we recommend end-users and their administrators to implement and maintain industry-standard security controls and practices in setting up and managing network to which the product is connected.

<Internet Connection>

• Do not connect the product directly to the Internet; install it within a network protected by a firewall.
• Please set a private IP address for the product.

For more information on securing your EPSON product, please refer “Security Guidebook for customers using POS Printers”.
The security guidebook is available on the following website:
Security for printers and MFPs

For more information on securing your EPSON product, please refer “Security Guidebook for customers using POS Printers”.

Credit:
We would like to thank security researcher Michael Cook（FutileSkills）for his extensive work in identifying and sharing this security issue with us.