Headline
CVE-2022-22521: Miele Benchmark Programming Tool
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files.
Das Miele Benchmark Programming Tool ist eine Desktop-Anwendung, die es dem Anwender unter anderem ermöglicht, Waschmaschinen- und Wäschetrocknerprogramme sowie Maschineneinstellungen an seinen Miele Professional-Geräten komfortabel zu bearbeiten, wobei die Funktionalität des Tools je nach Gerätetyp variiert. Das Tool richtet sich sowohl an Techniker als auch an Kunden/Anwender und kann mit den folgenden Maschinentypen verwendet werden: PWM 51x-52x & 91x-92x und PDR 51x-54x & 91x-94x.
Begleitinfo zum EULA-Download
Das Herunterladen und die Nutzung der Software ist ausschließlich auf der Grundlage und unter der Bedingung gestattet, dass Sie den EULA akzeptieren.
Download Benchmark Programming Tool
Related news
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds.