Summary
On Microsoft Windows, the Miele Benchmark Programming Tool installs by default into a folder that is writable for all users (C:\MIELE_SERVICE). After installation, users without administrative privileges are able to exchange or delete executable files in this path.
Impact
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
 | Benchmark Programming Tool | <=1.2.71 |
Vulnerabilities
In Miele Benchmark Programming Tool versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with the user's privileges. An attacker with low privileges may trick a user with administrative privileges into executing these binaries as admin.
Mitigation
A new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: www.miele.de/p/miele-benchmark-progra...
Remediation
As a further risk-minimizing measure, the write permissions of the installation folder C:\Miele_Service\Miele Benchmark Programming Tool can be adjusted so that files can only be exchanged with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights.
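One way to carry out this permission adjustment on a default installation, as an added example that is not part of the advisory or Miele's own instructions. It assumes that standard users only need read and execute access to the folder and that SYSTEM and the local Administrators group are the only principals that should be able to write to it.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
# Default install folder named in the advisory; adjust if installed elsewhere.
$Path = 'C:\Miele_Service\Miele Benchmark Programming Tool'

# Well-known SIDs instead of group names, so this also works on localized Windows.
$Trusted = @('S-1-5-18',      # NT AUTHORITY\SYSTEM
             'S-1-5-32-544')  # BUILTIN\Administrators

# Rights that allow replacing, adding or deleting files, or rewriting the ACL.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$GenericWrite = 0x50000000    # GENERIC_ALL | GENERIC_WRITE, as stored on inherit-only ACEs

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Trusted -notcontains $_.IdentityReference.Value -and
            (($_.FileSystemRights -band $WriteMask) -or
             ([int]$_.FileSystemRights -band $GenericWrite))
        } |
        Select-Object @{n='Path'; e={ $Target }}, IdentityReference, FileSystemRights, IsInherited
}

function Get-TreeFinding {
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    $items | ForEach-Object { Get-UntrustedWriteAce -Target $_.FullName }
}

# 1. Audit: list every ACE that lets a non-administrative principal modify the tree.
Get-TreeFinding | Format-Table -AutoSize

# 2. Harden: stop inheriting from the parent and set an explicit ACL.
#    Assumption: standard users only need read/execute here (S-1-5-32-545 = BUILTIN\Users).
icacls $Path /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX'
# Remove explicit grants to Everyone (S-1-1-0) and Authenticated Users (S-1-5-11) in the whole tree.
icacls $Path /remove:g '*S-1-1-0' '*S-1-5-11' /T /C

# 3. Verify: anything still listed is an explicit ACE on a child object that needs manual review.
$left = @(Get-TreeFinding)
if ($left.Count) { $left | Format-Table -AutoSize } else { 'No non-admin write access remains.' }
```

If the tool has to write data below this folder while running as a standard user, grant that access on the specific data subfolder only, not on the folder that holds the executables.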
Revision History
Version | Date | Summary |
---|---|---|
1 | 27.04.2022 14:00 | Initial revision. |