CVE-2022-26238 The default privileges of Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries.

This issue can be exploited when Normand Service Manager is allowed to run as root. Normand Service Manager in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to read, modify, copy, and delete files that are protected against doing so, allowing attackers to access sensitive data. This vulnerability can be exploited when Normand Service Manager is allowed to run as root. Normand Service Manager in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to write to and delete directories that are protected against doing so, allowing attackers to gain root privileges. This vulnerability can be exploited when Normand Service Manager is allowed to run as root. Normand Service Manager in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to create and delete files that are protected against doing so, allowing attackers to gain root privileges. This vulnerability can be exploited when Normand Service Manager is allowed to run as root. Normand Service Manager in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-

Summary

Flawed code in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to create and delete files that are protected against doing so, allowing attackers to gain root privileges. This vulnerability can be exploited when Normand Service Manager is allowed to run as root.

Vulnerability Overview

Normand Service Manager in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to read, modify, copy, and delete files that are protected against doing so, allowing attackers access sensitive data.
This vulnerability can be exploited when Normand Service Manager is allowed to run as root.
Normand Service Manager in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to write to and delete directories that are protected against doing so, allowing attackers gain root privileges.

Vulnerable versions:

- Beckman Coulter Remisol prior to v2.0.12.1, Beckman Coulter Remisol Advance v2.0.12.1
- Normand Service Manager in Beckman Coulter Remisol prior to v2.0.12.1 and Beckman Coulter Remisol Advance v2.0.12.1

Timeline

Published on: 10/06/2022 23:15:00 UTC
Last modified on: 10/11/2022 15:14:00 UTC

References

• https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance
• https://pastebin.com/23N5wcC7
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26238