A default configuration of Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior does not require a password for the 'normand' account which gives non-privileged users the ability to access and manipulate executables and libraries. A vulnerable configuration with Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior does not require a password for the 'normand' account which gives non-privileged users the ability to access and manipulate executables and libraries. Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior does not require a password for the 'normand' account which gives non-privileged users the ability to access and manipulate executables and libraries. Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior does not require a password for the 'normand' account which gives non-privileged users the ability to access and manipulate executables and libraries. Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior does not require a password for the 'normand' account which gives non-privileged users the ability to access
Overview
This article discusses the verification process of the Beckman Coulter Remisol Advance V2.0.12.1 and other products using Normand Message Buffer 2.0 which is a default configuration that does not require a password for non-privileged users to access and manipulate executables and libraries.
A default configuration of Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior does not require a password for the 'normand' account, which gives non-privileged users the ability to access and manipulate executables and libraries. This allows attackers to access sensitive data since they have full control over these files (executables and libraries).
An admin's console vulnerability was discovered in Beckman Coulter Remisol Advance v2.0.12.1, which exposes private data such as usernames, email addresses, passwords, product names, etc., along with product serial numbers, to potential hackers who can use this information to create counterfeit versions of this software product or take advantage of other unauthorized activities such as phishing attacks or ransomware attacks against the user's device; all without authentication by an administrator’s console login credentials.
Summary
A default configuration of Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior does not require a password for the 'normand' account which gives non-privileged users the ability to access and manipulate executables and libraries. A vulnerable configuration with Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
References
- https://bugzilla.beckmancoulter.com/show_bug.cgi?id=2022 - CVE-2022-26240
The following paragraph is about how the Beckman Coulter Remisol Advance v2.0.12.1 and prior might be vulnerable to a known vulnerability, as well as what can be done to fix the vulnerability in the future:
Affected Beckman Coulter products
The following Beckman Coulter products are affected:
XI-3160, XI-3160i, XI-3160i/D, XI-3160/D, XI-3600/S, XI-3600i/S, and XR series instruments.
Timeline
Published on: 10/06/2022 18:15:00 UTC
Last modified on: 10/11/2022 15:00:00 UTC