Device product
Catalys Precision Laser System, Models: Catalys-U (United States), Catalys-I (International), Catalys-C (China); and Catalys Precision Laser System No Bed, Models: 0160-6020 (United States), 0160-6010 (International)
Z-0444-2022
Product summary
- Event
- Event 88986
- Status
- Ongoing
- Classification
- Class II
- Quantity
- 546
- Official record key
device-enforcement:Z-0444-2022
Official wording
Reason: Aberrometer and precision laser systems are affected by a remote code execution vulnerability existing when the Microsoft Windows Print Spooler service is enabled, and improperly performs privileged file operations. This could be exploited to run arbitrary code with SYSTEM privileges, allowing for program installation; view/change/deleting data; or creation of new accounts with full user rights.
Code information: Catalys-U and Catalys-I with Windows 7 Ultimate/Professional/Embedded Standard. Catalys-C with Windows 7 Embedded Standard. 0160-6020 and 0160-6010 with Windows 7 Professional/Embedded Standard.
Distribution pattern: US: CA, TX, FL, LA, MD, IA, MA, VA, SD, MN, MO, NC, TN, SC, WA, NV, OH, KY, IN, CO, NJ, OK, NH, UT, AR, NY, AK, ND, NE, IL, AL, HI, CT, DE, KS, GA, OR, MS, PA, MT, ME, MI, AZ, ID, WI, VT, NM, CA. OUS: Canada, Mexico, Russian Federation, Turkey, Brazil, Egypt, Iraq, Saudi Arabia, Jordan, Norway, Colombia, Germany, Malaysia, India, Oman, Azerbaijan, Canada, Slovakia, Lebanon, Spain, Ireland, Italy, South Korea, Bangladesh, Chile, Taiwan, Tunisia, Kazakhstan, Libya, Argentina, Singapore, Austria, Australia, Vietnam, Greece, Poland, Indonesia, Yemen, Great Britain, South Africa, Croatia, France, Czech Republic, Algeria, Thailand, Bulgaria, United Arab Emirates, Belgium, Japan, China, Nepal, Israel, Switzerland, Dominican Republic, Hong Kong, Portugal, Ecuador, Kuwait, Netherlands, Slovenia, Philippines
Derived failure modes
-
Unknown
Aberrometer and precision laser systems are affected by a remote code execution vulnerability existing when the Microsoft Windows Print Spooler service is enabled, and improperly performs privileged file operations. This could be exploited to run arbitrary code with SYSTEM privileges, allowing for program installation; view/change/deleting data; or creation of new accounts with full user rights.