CVE-2022-23334

CRITICAL

Ip-label Newtest < 8.5r0 - Privilege Escalation via Weak Binary Signature Check

Title source: llm

Description

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.

References (3)

Core 3

Core References

Vendor Advisory

http://ip-label.com

Broken Link

http://newtest.com

Broken Link

https://www.on-x.com/wp-content/uploads/2023/01/ON-X-Security-Advisory-Ip-label-Ekara-Newtest-CVE-2022-23334.pdf

Scores

CVSS v3 9.8

EPSS 0.0053

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-347

Status published

Products (1)

ip-label/newtest < 8.5r0

Published Jan 30, 2023

Tracked Since Feb 18, 2026