CVE-2022-26237

Vulnerability

The Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior has insecure default file permissions on its executables and libraries. This allows any non-privileged user to overwrite or manipulate files that run as the elevated SYSTEM user on Windows [2]. The issue affects versions up to and including v2.0.12.1 [1][2].

Exploitation

An attacker needs low-level access to a workstation running the vulnerable software. These workstations are often protected with weak, default, or no passwords [2]. The attacker then replaces the ViewerService.exe executable (or any associated library) with a malicious binary. After restarting the machine or the service, the malicious binary runs as NT AUTHORITY\SYSTEM [2].

Impact

Successful exploitation yields full local privilege escalation to the SYSTEM account. The attacker gains complete control over the affected workstation, including the ability to access sensitive data processed by the Remisol Advance middleware [1][2].

Mitigation

Beckman Coulter has not yet disclosed a fixed version or patch in the available references. The vendor recommends correcting the service directory permissions so that non-privileged users cannot overwrite executables, preventing local privilege escalation [2]. Users should ensure strong passwords are enforced on all workstations and apply the principle of least privilege.