Impact
The vulnerability exists in the Client Update Service of Quanos SCHEMA ST4 where the service is executed as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe. The interface lacks proper access controls or authorization checks, allowing a local authenticated user to invoke privileged update methods such as Update(). This allows the attacker to perform arbitrary file write and delete operations with SYSTEM privileges, effectively achieving local privilege escalation.
Affected Systems
The affected product is Quanos Solutions GmbH SCHEMA ST4 deployed on‑premises. Version information is not specified in the data provided and no cloud or SaaS deployment of Quanos SCHEMA ST4 is affected.
Risk and Exploitability
The attack requires local host access with an authenticated user session, so it is a local privilege escalation rather than a remote attack vector. The CVSS score of 8.4 indicates a high severity, while the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. In environments that strictly enforce the principle of least privilege, the attack surface is reduced, though the vulnerability could be exploited by any low‑privileged local user who can access the named pipe. The vendor recommends disabling the Client Update Service until a patch is released, and provides a workaround to manually perform client updates only with a privileged account.
OpenCVE Enrichment