Cyber Resilience

CVE-2024-55957

Severity: High
Published: 22 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: vendor update available (see Deeper analysis)
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (19.4th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55957 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Thermo Fisher Scientific software (vendor attribution inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 19.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2024-55957 is a local privilege escalation vulnerability (CWE-276) in the driver packages of Thermo Fisher Scientific Xcalibur before version 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10 on Windows systems. The issue arises from improper access control permissions, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, enabling privilege escalation on the affected Windows system.

Thermo Fisher advisories recommend updating to Xcalibur 4.7 SP1 or later and ICSW 3.1 SP10 or later to mitigate the vulnerability. Further details are provided in the security guide at https://assets.thermofisher.com/TFS-Assets/CORP/Product-Guides/Thermo_Scientific_Xcalibur_and_Foundation.pdf and on https://thermofisher.com.


Vulnerability details

In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.

CWE(s): CWE-276 Incorrect Default Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via improper access control permissions directly matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21532 (shared CWE-276)
CVE-2025-24176 (shared CWE-276)
CVE-2025-1789 (shared CWE-276)
CVE-2024-43769 (shared CWE-276)
CVE-2025-0543 (shared CWE-276)
CVE-2025-7024 (shared CWE-276)
CVE-2025-24267 (shared CWE-276)
CVE-2026-25203 (shared CWE-276)
CVE-2024-49737 (shared CWE-276)
CVE-2024-34730 (shared CWE-276)

Affected Assets

Thermofisher (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

prevent · AC-3 (Access Enforcement)

Directly addresses improper access control permissions on driver packages by requiring enforcement of approved authorizations for logical access to system resources, preventing local privilege escalation.

prevent · CM-6 (Configuration Settings)

Mandates establishment of secure configuration settings, including restrictive permissions on vulnerable driver files, to reflect the most restrictive mode and prevent exploitation by low-privileged local attackers.

prevent · SI-2 (Flaw Remediation)

Requires identification, reporting, and correction of flaws like this privilege escalation vulnerability through timely application of vendor-recommended patches for Xcalibur and ICSW.
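Both the deeper analysis and the CM-6 control above come down to one verifiable condition: files that a privileged process will later load must not be writable by ordinary local users. The PowerShell script below is an added example, not code from this page, the advisory, or Thermo Fisher; it walks a directory tree and reports every Allow ACE that grants a write-class right to a broad principal (Everyone, BUILTIN\Users, Authenticated Users, INTERACTIVE). The `$Path` default is a placeholder and the principal list is an assumption about which identities a low-privileged local account holds; adjust both for your environment.

```powershell
# Added example (not from the advisory or the vendor): audit a directory tree
# for file-system ACEs that give broad principals write access (CWE-276 pattern).
# $Path is a placeholder; point it at the driver package directory to check.
param(
    [string]$Path  = 'C:\Path\To\DriverPackages',  # placeholder, assumption
    [int]   $Depth = 3
)

# Assumption: identities held by any low-privileged interactive local user.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets the holder alter, replace or delete the file.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = $R::Write -bor $R::Modify -bor $R::FullControl -bor
             $R::WriteData -bor $R::AppendData -bor $R::Delete -bor
             $R::ChangePermissions -bor $R::TakeOwnership

function Test-WeakAce {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    if ($Ace.AccessControlType -ne 'Allow') { return $false }
    if ($BroadPrincipals -notcontains $Ace.IdentityReference.Value) { return $false }
    return (($Ace.FileSystemRights -band $WriteMask) -ne 0)
}

# Collect one finding per (file, principal) pair; inherited ACEs are reported
# too, because a weak ACE on the parent directory is the usual root cause.
$findings = Get-ChildItem -LiteralPath $Path -Recurse -Depth $Depth -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item = $_
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { return }
        foreach ($ace in $acl.Access) {
            if (Test-WeakAce -Ace $ace) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning ("{0} weak ACE(s) found under {1}" -f @($findings).Count, $Path)
} else {
    Write-Host "No broad write access found under $Path"
}
```

Run it as an administrator so that `Get-Acl` can read every object; a non-empty result on a directory whose contents are loaded by a service or an elevated installer is the condition the CVE describes. The script only reports: the durable fix is the vendor update named above, and any manual tightening of ACLs on application files should be confirmed against the vendor's own permission requirements so the instrument software keeps working.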
