CVE-2022-50913

HIGH

ITEC ITeCProteccioAppServer - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50913. PoCs published by Edgar Carrillo Egea.

AI-analyzed exploit summary This is a writeup describing an unquoted service path privilege escalation vulnerability in ITeCProteccioAppServer.exe. The attacker can exploit this by placing a malicious executable in the service path, which will execute with elevated privileges upon service restart or system reboot.

Description

ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.

Exploits (1)

exploitdb WRITEUP
by Edgar Carrillo Egea · textlocalwindows
https://www.exploit-db.com/exploits/50902

This is a writeup describing an unquoted service path privilege escalation vulnerability in ITeCProteccioAppServer.exe. The attacker can exploit this by placing a malicious executable in the service path, which will execute with elevated privileges upon service restart or system reboot.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: ITeCProteccioAppServer.exe (version not specified)
Auth required
Prerequisites: Local access to the system · Ability to write to the service path directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/50902
Various Sources product
https://itec.es/programas/

Scores

CVSS v3 8.4
EPSS 0.0013
EPSS Percentile 3.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
ITEC/TCQ
Published Jan 13, 2026
Tracked Since Feb 18, 2026