CVE-2022-26240

Vulnerability

The vulnerability resides in the Normand Message Buffer service of Beckman Coulter Remisol Advance v2.0.12.1 and prior [1][2]. During installation, the service's executables and libraries (e.g., MessageBuffer.exe) are assigned overly permissive file permissions, enabling any user to overwrite them. The service runs with Windows SYSTEM privileges [2].

Exploitation

An attacker must first obtain low-level access to a workstation, which are often protected with weak, default, or no passwords [2]. The exploitation sequence is: (1) replace the service executable or an associated library with a malicious binary; (2) restart the machine or the service; (3) the malicious binary executes as the SYSTEM user [2].

Impact

Successful exploitation grants the attacker arbitrary code execution as SYSTEM, the highest privilege level on Windows [2]. This provides full control over the host, including access to sensitive data processed by the Remisol Advance middleware [1][2].

Mitigation

The recommended fix is to correct the file permissions on the Normand Message Buffer service directory so that non-privileged users cannot overwrite executables or libraries [2]. As of the publication date, no official patch has been released; administrators should manually restrict access to the installation folder and enforce strong workstation passwords. Monitor vendor updates for a permanent solution [1].