CVE-2022-22521

Privilege Escalation in Miele Benchmark Programming Tool

CVSS 7.3 HIGHEPSS 0.5%CWE-732

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Apr 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

Miele · Benchmark Programming Tool

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html https://cert.vde.com/en/advisories/VDE-2022-015/http://seclists.org/fulldisclosure/2022/Apr/42 https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm