CVE-2022-26235
Description
A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Installer in Remisol Advance ≤ v2.0.12.1 sets weak file permissions, letting non-privileged users replace SYSTEM-run executables and achieve privilege escalation.
Vulnerability
In Remisol Advance v2.0.12.1 and below for the Normand Message Server [1], the installer does not set restrictive permissions on the service executables and libraries (e.g., MessageServer.exe and associated DLLs) that run as the elevated SYSTEM user on Windows [2]. This allows any low-privileged user to overwrite or manipulate these files [2]. The vulnerability is present in the product's installation on all supported Windows platforms where the default permission set is applied [2].
Exploitation
An attacker must first obtain low-level access to a workstation running the vulnerable software. Such workstations are often protected with a weak or default password, or even no password [2]. Once the attacker has a local user account, they can replace the Normand Message Server executable (or any associated library) with a malicious binary [2]. After replacing the file, the attacker restarts the machine or stops and starts the Normand Message Server service [2]. No additional user interaction or authentication beyond the initial low-privilege access is required.
Impact
When the service is restarted, the attacker's binary executes with SYSTEM / NT Authority privileges, granting the attacker complete control over the local system [2]. This is a privilege escalation from an unprivileged user to the highest Windows privilege level, enabling full compromise of the host (confidentiality, integrity, and availability) [2].
Mitigation
Beckman Coulter has not yet published a public security advisory or fixed version as of the reference dates [1][2]. The vendor's product page [1] does not mention a patch. The reference describes the fix as correcting file permissions on the service executables and libraries [2], but no specific remediated version or release date is available. Until an official patch is issued, organizations should restrict local access to Remisol Advance workstations, enforce strong passwords, and manually audit and lock down the permissions on MessageServer.exe and related files to prevent modification by non-privileged users [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Remisol Advance/Remisol Advancedescription
- Range: <=2.0.12.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.