CVE-2022-26239

Vulnerability

The Normand License Manager service in Beckman Coulter Remisol Advance v2.0.12.1 and prior is installed with insecure default permissions that allow any unprivileged user to overwrite its executables and libraries. This service runs with SYSTEM privileges on Windows. [1][2]

Exploitation

An attacker requires low-level access to a workstation, which is often protected by a weak, default, or no password. The exploitation steps are: replace the LicenseManager.exe executable (or any associated library) with a malicious binary, then restart the service or the machine. Upon restart, the malicious binary executes as the SYSTEM user. [2]

Impact

Successful exploitation grants the attacker SYSTEM-level privileges on the Windows host, enabling full control over the system and access to sensitive data processed by the Remisol Advance middleware. [2]

Mitigation

The recommended fix is to correct the file and folder permissions so that non-privileged users cannot overwrite or manipulate the service executables and libraries. As of the publication date, no official patched version has been announced by the vendor; users should monitor Beckman Coulter's advisory for updates. [2]