Vulnerability Details : CVE-2022-26235
A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.
Products affected by CVE-2022-26235
- cpe:2.3:a:beckmancoulter:remisol_advance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-26235
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-26235
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-26235
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-26235
-
https://pastebin.com/amgw9pE7
CVE-2022-26235: Remisol Advance Normand Message Server - Pastebin.comThird Party Advisory
-
https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance
Clinical Lab Data Management System REMISOL Advance | Beckman CoulterProduct;Vendor Advisory
Jump to