CVE-2022-22521
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Miele | Benchmark Programming Tool | 1.2.71 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
Workarounds
As a further risk-minimizing measure, the write permissions of the installation folder C:\Miele_Service\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights.
ADP Enrichment
CVE Program Container
Additional References
- https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm
- http://seclists.org/fulldisclosure/2022/Apr/42
- http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html
- https://cert.vde.com/en/advisories/VDE-2022-015/
References
- https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm
- http://seclists.org/fulldisclosure/2022/Apr/42
- http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html
- https://cert.vde.com/en/advisories/VDE-2022-015/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.