CVE-2022-26236

Vulnerability

The vulnerability exists in the Normand Remisol Advance Launcher component of Beckman Coulter Remisol Advance versions 2.0.12.1 and prior. During installation, the default permissions allow any non-privileged user to overwrite or manipulate executables and libraries that run as the SYSTEM user on Windows [1][2]. This affects the message server service executable (e.g., LauncherService.exe) and associated libraries [2].

Exploitation

An attacker needs low-level access to a workstation, often protected with weak or default credentials [2]. Steps: obtain low-level access, replace the message server service executable or its associated library with a malicious binary, then restart the machine or service. The malicious binary will execute as the SYSTEM/NT Authority user [2].

Impact

Successful exploitation allows the attacker to execute arbitrary code with SYSTEM privileges, leading to full compromise of the workstation and access to sensitive data processed by the Remisol Advance middleware [1][2].

Mitigation

The fix involves correcting the file permissions so that non-privileged users cannot overwrite the service executables [2]. Beckman Coulter has not publicly released a patched version as of the publication date; users should apply the permission fix manually or contact the vendor for guidance [2]. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog.