VYPR
Unrated severity · NVD Advisory · Published Jan 24, 2022 · Updated Aug 4, 2024

CVE-2021-45222


Description

An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

HR personnel in COINS Construction Cloud 11.12 can take over arbitrary user accounts by changing the victim's email via the Personnel Workbench, enabling privilege escalation.

Vulnerability

The vulnerability resides in the human resources interface of COINS Construction Cloud version 11.12. HR personnel with access to the "Personnel Workbench" can add or modify personal information for other users in the same company. A logical flaw allows the HR user to select an existing user ID as the "System User ID" when adding personal information. This makes it possible to change the registered e-mail address associated with the victim account [1].

Exploitation

An attacker who holds HR staff permissions can trigger the attack by first logging into the HR account, then navigating to the "Personnel Workbench" and adding a person record. During this process, the attacker selects a victim's user ID as the "System User ID" and changes the victim's registered e-mail address to one under the attacker's control. The same e-mail address is used by the password reset function, so the attacker can initiate a password reset and receive the reset link at the attacker-controlled address, thereby gaining control of the victim account [1].

Impact

Successful exploitation allows an HR user to perform a privilege escalation by taking over arbitrary user accounts of the same company. The attacker gains full control of the victim account, which may include higher privileges depending on the victim's role. This compromises the confidentiality, integrity, and availability of the COINS Construction Cloud instance, as well as any data accessible to the compromised account [1][2].

Mitigation

As of the advisory's publication the manufacturer had provided no fix: the solution status was marked "Open" as of 2021-11-02 and no solution date was given [1]. Because the manufacturer did not respond to the disclosure, version 11.12 and later may still be affected [2]. No workaround is documented. Until a patch is available, restrict HR personnel permissions to the minimum necessary and monitor HR activity for e-mail changes on accounts other than the HR user's own, in particular changes to an address outside the organisation's domain and changes followed by a password reset for that account [1][2].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Logical flaw in the Personnel Workbench allows HR users to change the registered e-mail address of an existing user account, which can then be used to reset that account's password."

Attack vector

An attacker with HR staff permissions logs into the COINS Construction Cloud and navigates to the "Personnel Workbench". In the "Main" tab, they select an existing victim's "System User ID", then switch to the "Work Information" tab and change the registered e-mail address to one under their control [ref_id=1]. Because the platform uses the registered e-mail for password-reset functionality, the attacker can then trigger a password reset for the victim account and set new credentials, thereby taking over the account [ref_id=1]. No special network position is required beyond authenticated access as an HR user.

Affected code

The vulnerability resides in the "Personnel Workbench" interface of the human resources module. The advisory does not specify particular source files or functions, but the logical flaw is in the workflow that allows HR personnel to select an existing "System User ID" and modify the associated e-mail address.

What the fix does

The advisory states that no solution had been provided by the manufacturer as of the disclosure date [ref_id=1]. A fix would have to close the logical flaw itself: refuse to link a new person record to a "System User ID" that is already bound to another record, and treat an e-mail change made by anyone other than the account owner as unverified, for example by sending a confirmation to the previous address before the new one becomes usable for password reset. Without a patch, organizations running the affected version depend on compensating controls: limit which HR users may edit the "Work Information" e-mail field, and monitor and alert on e-mail changes that HR personnel make to accounts other than their own, especially when a password reset for that account follows.
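The workflow the advisory describes, and the check a fix needs, as an added Python model that is not COINS code: an account store, the vulnerable "add person record" step that rebinds an existing login and overwrites its e-mail, a hardened variant that refuses the re-bind and stages any e-mail change behind a token sent to the old address, and the password-reset step that mails whatever address is on file. All class, function and account names, the company layout and every address are assumptions made for the example.

```python
"""Model of the CVE-2021-45222 workflow: an HR user links a person record to an
existing System User ID and overwrites the e-mail the password-reset flow uses.
Constructed example, not COINS code; every name here is an assumption."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import secrets


@dataclass
class Account:
    user_id: str
    company: str
    role: str                              # "hr", "admin", "user", ...
    email: str                             # address the password-reset flow mails to
    person_record: Optional[str] = None    # HR record already bound to this login
    pending_email: Optional[str] = None    # staged change (hardened path only)
    pending_token: Optional[str] = None


class Directory:
    def __init__(self, accounts: List[Account]):
        self.accounts = {a.user_id: a for a in accounts}
        self.outbox: List[Tuple[str, str]] = []   # (recipient, token); stands in for mail

    def _check_hr_same_company(self, actor: str, target: str) -> Tuple[Account, Account]:
        a, t = self.accounts[actor], self.accounts[target]
        if a.role != "hr" or a.company != t.company:
            raise PermissionError("HR role in the victim's company required")
        return a, t

    # Vulnerable: the Personnel Workbench as the advisory describes it.
    def add_person_vulnerable(self, actor, record_id, system_user_id, work_email):
        _, target = self._check_hr_same_company(actor, system_user_id)
        target.person_record = record_id     # any existing login may be picked
        target.email = work_email            # flaw: reset address rebound silently
        return target

    # Hardened: never re-bind a login that already has a record, and stage e-mail
    # changes behind a token mailed to the OLD address so the owner must approve.
    def add_person_hardened(self, actor, record_id, system_user_id, work_email):
        _, target = self._check_hr_same_company(actor, system_user_id)
        if target.person_record not in (None, record_id):
            raise ValueError("System User ID is already bound to another person record")
        target.person_record = record_id
        if work_email != target.email:
            target.pending_email = work_email
            target.pending_token = secrets.token_urlsafe(16)
            self.outbox.append((target.email, target.pending_token))   # old address
        return target

    def confirm_email_change(self, user_id: str, token: str) -> bool:
        acct = self.accounts[user_id]
        if acct.pending_token is None or not secrets.compare_digest(acct.pending_token, token):
            return False
        acct.email, acct.pending_email, acct.pending_token = acct.pending_email, None, None
        return True

    def request_password_reset(self, user_id: str) -> str:
        """Mails a reset token to the address on file and returns that address."""
        acct = self.accounts[user_id]
        self.outbox.append((acct.email, secrets.token_urlsafe(16)))
        return acct.email


def run_attack(hardened: bool) -> str:
    """Replays the advisory's steps against an admin in the HR user's company and
    returns the address that receives the admin's reset link."""
    d = Directory([
        Account("hr.mallory", "acme", "hr", "mallory@acme.example"),
        Account("admin.alice", "acme", "admin", "alice@acme.example", person_record="P-0001"),
    ])
    add = d.add_person_hardened if hardened else d.add_person_vulnerable
    try:
        add("hr.mallory", "P-9999", "admin.alice", "mallory-ext@attacker.example")
    except ValueError:
        pass                                 # hardened path rejects the re-bind
    return d.request_password_reset("admin.alice")
```

On the vulnerable path `run_attack(False)` reports the attacker's address; on the hardened path the re-bind is refused and the reset link still goes to the victim. The confirmation token is compared with `secrets.compare_digest` so that the check does not leak timing, and a change that is never confirmed never reaches the field the reset flow reads.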

Preconditions

  • Authentication: attacker must have HR staff permissions in the COINS Construction Cloud application
  • Configuration: attacker must be in the same company as the victim account

Reproduction

1. Log in to the human resources account.
2. Navigate to "Personnel Workbench".
3. Add personal information.
4. Select an existing "System User ID" in the "Main" tab.
5. Switch to the "Work Information" tab.
6. Change the registered e-mail to an address under your control.
7. Save and log out.
8. Trigger a password reset for the victim account.
9. Enter new credentials for the victim account. [ref_id=1]
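The reproduction above leaves a two-event trail (an HR user rewrites another account's e-mail, then a password reset is requested for that account), which is what the monitoring advised in the Mitigation and "What the fix does" passages has to catch. Below is an added detection example, not anything COINS ships: it parses constructed audit-log lines, flags HR e-mail changes on accounts other than the actor's own (raised when the new address is outside the company's domains) and escalates when a reset request for the same account follows within a window. The log format, field names (`actor_role`, `person_record.save`, `password_reset.request`), domains and accounts are all assumptions.

```python
"""Detection for the CVE-2021-45222 pattern over audit-log lines: an HR actor rewrites
the e-mail of an account that is not their own, and a password reset for that account
follows. Constructed example; the log format, field names and role labels are
assumptions, not the format COINS Construction Cloud emits."""
import re
from datetime import datetime, timedelta
from typing import Any, Dict, Iterable, List, Set

KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample log: a routine HR correction, the attack sequence from the
# advisory (change, then reset 97 seconds later), a self-service change, and a
# reset that comes hours after its matching change.
SAMPLE_LOG = [
    "2021-11-02T08:55:10Z actor=hr.mallory actor_role=hr action=person_record.save "
    "target=emp.carol field=work_email old=carol@acme.example new=c.jones@acme.example",
    "2021-11-02T09:14:03Z actor=hr.mallory actor_role=hr action=person_record.save "
    "target=admin.alice field=work_email old=alice@acme.example new=mallory-ext@attacker.example",
    "2021-11-02T09:15:40Z actor=- actor_role=- action=password_reset.request target=admin.alice",
    "2021-11-02T11:02:17Z actor=emp.dave actor_role=user action=person_record.save "
    "target=emp.dave field=work_email old=dave@acme.example new=d.smith@acme.example",
    "2021-11-02T16:30:00Z actor=- actor_role=- action=password_reset.request target=emp.carol",
]


def parse(line: str) -> Dict[str, Any]:
    """Split 'timestamp key=value ...' into a dict; 'ts' becomes a datetime."""
    ts, _, rest = line.partition(" ")
    ev: Dict[str, Any] = dict(KV.findall(rest))
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(lines: Iterable[str], company_domains: Set[str],
           window_minutes: int = 60) -> List[Dict[str, str]]:
    window = timedelta(minutes=window_minutes)
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    alerts: List[Dict[str, str]] = []
    hr_changes: List[Dict[str, Any]] = []   # HR rewrites of other users' addresses
    for ev in events:
        if (ev.get("action") == "person_record.save" and ev.get("field") == "work_email"
                and ev.get("actor_role") == "hr" and ev.get("actor") != ev.get("target")):
            # Rule 1: HR changed another user's reset address. An address outside
            # the company's domains is the advisory's attacker-controlled case.
            domain = ev["new"].rsplit("@", 1)[-1].lower()
            alerts.append({
                "severity": "high" if domain not in company_domains else "medium",
                "rule": "hr_changed_other_users_email",
                "actor": ev["actor"], "target": ev["target"],
                "new": ev["new"], "ts": ev["ts"].isoformat(),
            })
            hr_changes.append(ev)
        elif ev.get("action") == "password_reset.request":
            # Rule 2: reset requested for an account whose address HR rewrote recently.
            for ch in hr_changes:
                if ch["target"] == ev["target"] and timedelta(0) <= ev["ts"] - ch["ts"] <= window:
                    alerts.append({
                        "severity": "critical",
                        "rule": "email_change_then_password_reset",
                        "actor": ch["actor"], "target": ev["target"],
                        "new": ch["new"], "ts": ev["ts"].isoformat(),
                    })
    return alerts
```

Running `detect(SAMPLE_LOG, {"acme.example"})` yields three alerts: medium for the in-domain correction on emp.carol, high for the external address written to admin.alice, and critical for the reset requested for admin.alice 97 seconds later; the self-service change by emp.dave and the late reset for emp.carol produce nothing at the default one-hour window. Widening the window trades noise for coverage of a patient attacker, so tune it to how long the platform's reset links stay valid.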

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3

News mentions: 0 (no linked articles in our index yet)