Vulnerability Details CVE-2022-22521
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 6.9
References
- http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2022/Apr/42
- https://cert.vde.com/en/advisories/VDE-2022-015/
- https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm
- http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2022/Apr/42
- https://cert.vde.com/en/advisories/VDE-2022-015/
- https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm
Products affected by CVE-2022-22521
-
cpe:2.3:a:miele:benchmark_programming_tool:1.0.49
-
cpe:2.3:a:miele:benchmark_programming_tool:1.1.49
-
cpe:2.3:a:miele:benchmark_programming_tool:1.2.71