07 February 2025
Claudio Contin
Local Privilege Escalation Vulnerability in Thermo Scientific™ Xcalibur™ and Foundation software
During an engagement conducted in October last year, we discovered a privilege escalation issue affecting Thermo Fisher Scientific Xcalibur software.
The issue allows privilege escalation on Windows systems due to improper access controls on the application files.
By default, the application is installed under C:\Program Files (x86)\Thermo\Foundation\ and contains several executables and DLLs. The application registers one or more services that run with NT AUTHORITY\SYSTEM privileges.
These files, including the service executables, can be overwritten by low-privileged users, resulting in escalation of privileges the next time the service restarts or the system reboots.
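The weakness described above is a file-system ACL problem: a service binary (or a DLL in its directory) that low-privileged principals can write to. The following PowerShell audit is an added example written for this post; it is not code from the advisory or from Thermo Fisher. It enumerates the services on the local host, resolves each service's binary path, and reports any Allow ACE on the binary or its parent directory that grants write, modify or full control to Everyone, BUILTIN\Users, Authenticated Users or INTERACTIVE. The principal list and the rights mask are assumptions chosen for this example; run it from an elevated prompt so every service path can be read.

```powershell
# Added audit example (not from the advisory or the vendor): list Windows services whose
# binary, or the directory holding it, is writable by low-privileged principals.
# Assumption: run from an elevated PowerShell session on the host being audited.

# Principals that any local user typically belongs to (assumed list for this example).
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets the holder replace the file's contents or loosen its ACL.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions

function Get-ServiceBinaryPath {
    # Extract the executable from a Win32_Service PathName such as
    #   "C:\Program Files (x86)\Vendor\svc.exe" -arg   or   C:\Vendor\svc.exe -arg
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName.StartsWith('"')) {
        $end = $PathName.IndexOf('"', 1)
        if ($end -gt 1) { return $PathName.Substring(1, $end - 1) }
    }
    # Unquoted path: the executable ends at the first ".exe" token.
    $m = [regex]::Match($PathName, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($PathName -split '\s+')[0]
}

function Get-WeakAce {
    # Return every Allow ACE on $Path that gives a low-privileged principal write-class rights.
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        $ace
    }
}

function Test-WeakServiceBinaryAcl {
    # Emit one record per (service, path, principal) combination that a low-privileged
    # user could use to replace the service binary or plant a DLL beside it.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc  = $_
        $exe  = Get-ServiceBinaryPath -PathName $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { return }
        $dir  = Split-Path -LiteralPath $exe -Parent

        foreach ($target in @($exe, $dir)) {
            foreach ($ace in (Get-WeakAce -Path $target)) {
                [pscustomobject]@{
                    Service   = $svc.Name
                    RunsAs    = $svc.StartName
                    Path      = $target
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

# Usage: services running as LocalSystem are the ones that matter most for escalation.
Test-WeakServiceBinaryAcl | Sort-Object RunsAs, Service | Format-Table -AutoSize
```

An empty result means no service binary or containing directory carries a write-class Allow ACE for the listed principals; a non-empty row for a LocalSystem service is exactly the condition described in this post. The check looks only at the binary and its immediate directory, so DLLs loaded from other locations and rights granted through groups not in the list are out of scope; for the affected product the fix is the vendor patch referenced below rather than hand-editing ACLs.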
On January 22, 2025, Thermo Fisher released a security bulletin together with a patch.
We would like to commend the vendor for their excellent communication throughout the disclosure process.