CVE-2022-50928

7.8 HIGH

📋 TL;DR

BlueSoleilCS 5.4.277 has an unquoted service path vulnerability in its Windows service configuration. This allows local attackers with write access to the parent directory to place malicious executables that will be executed with SYSTEM privileges when the service starts. Only Windows systems running this specific version of BlueSoleilCS are affected.

💻 Affected Systems

Products:
  • IVT Corporation BlueSoleilCS
Versions: 5.4.277
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations where the service path contains spaces and is unquoted in the service configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full SYSTEM privileges on the Windows machine, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

Local attacker with basic user privileges escalates to SYSTEM privileges, gaining full control over the affected system.

🟢 If Mitigated

With proper directory permissions and monitoring, exploitation would be detected or prevented, limiting impact to failed privilege escalation attempts.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Internal attackers or malware with local access can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and write permissions to the parent directory (C:\Program Files\IVT Corporation\BlueSoleil\). Public exploit code is available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://web.archive.org/web/20210624054150/http://ivtcorporation.com/

Restart Required: Yes

Instructions:

1. Check the vendor website for an updated version.
2. If one is available, download and install it.
3. Restart the BlueSoleilCS service or reboot the system.

🔧 Temporary Workarounds

Add quotes to service path

Platform: Windows

Manually edit the service configuration to add quotes around the binary path. The inner quotes must be escaped with backslashes; otherwise cmd.exe strips the outer pair and the stored path remains unquoted:

sc config BlueSoleilCS binPath= "\"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe\""

Restrict directory permissions

Platform: Windows

Remove write permissions for non-administrative users from the BlueSoleil installation directory. A deny ACE takes precedence over any allow and applies to every member of Users (which normally includes administrator accounts), so first confirm that no legitimate process, such as an updater, needs to write there:

icacls "C:\Program Files\IVT Corporation\BlueSoleil" /deny Users:(OI)(CI)W

🧯 If You Can't Patch

  • Remove BlueSoleilCS from affected systems if not required
  • Implement strict access controls on the installation directory to prevent unauthorized writes

🔍 How to Verify

Check if Vulnerable:

Run: sc qc BlueSoleilCS | findstr BINARY_PATH_NAME. Check if the path is unquoted and contains spaces.

Check Version:

Check program version in Control Panel > Programs and Features, or check file properties of BlueSoleilCS.exe

Verify Fix Applied:

Run: sc qc BlueSoleilCS | findstr BINARY_PATH_NAME. Verify the path is quoted: "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"
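As an added check (not part of this advisory or of IVT's software) that automates the "Check if Vulnerable" and "Verify Fix Applied" steps above: it parses `sc qc` output, lists the files the service control manager would run in place of the real binary if they existed (the locations a defender should alert on), and prints the `sc config` fix with the quotes escaped correctly. The sample `sc qc` output and the script name `check_svc.py` are constructed for the example.

```python
import re
import subprocess
import sys
from typing import List, Optional

# Constructed `sc qc BlueSoleilCS` output for a vulnerable install (not captured from a real host).
SAMPLE_VULNERABLE = r"""
SERVICE_NAME: BlueSoleilCS
        BINARY_PATH_NAME   : C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
        SERVICE_START_NAME : LocalSystem
"""
# Same service after the quoting fix was applied.
SAMPLE_FIXED = SAMPLE_VULNERABLE.replace(
    r"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe",
    r'"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"')

def field(sc_output: str, name: str) -> Optional[str]:
    """Pull one `NAME : value` line out of `sc qc` output."""
    m = re.search(rf"{name}\s*:\s*(.*)", sc_output)
    return m.group(1).strip() if m else None

def hijack_candidates(bin_path: str) -> List[str]:
    """Files the service control manager would run instead of the real binary
    if they existed: each space-delimited prefix of an unquoted path with .exe
    appended (the CreateProcess lookup rule). These are the paths to alert on."""
    if bin_path.startswith('"') or " " not in bin_path:
        return []                      # quoted or space-free: nothing to hijack
    tokens = bin_path.split(" ")
    found = []
    for i in range(1, len(tokens)):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):   # reached the real executable
            break
        found.append(prefix + ".exe")
    return found

def is_vulnerable(sc_output: str) -> bool:
    path = field(sc_output, "BINARY_PATH_NAME")
    return bool(path) and bool(hijack_candidates(path))

def fix_command(sc_output: str) -> str:
    """`sc config` line that stores a quoted path; the inner quotes must be
    backslash-escaped or cmd.exe strips them and the path stays unquoted."""
    name = field(sc_output, "SERVICE_NAME")
    path = field(sc_output, "BINARY_PATH_NAME").strip('"')
    return f'sc config {name} binPath= "\\"{path}\\""'

if __name__ == "__main__":   # live check on Windows: python check_svc.py BlueSoleilCS
    out = subprocess.run(["sc", "qc", sys.argv[1]], capture_output=True, text=True).stdout
    print("VULNERABLE" if is_vulnerable(out) else "OK", fix_command(out) if is_vulnerable(out) else "")
```

Any file reported by hijack_candidates should not exist on a healthy host, so its creation is a strong indicator for the monitoring section below.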

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing service start failures
  • Unexpected executables in C:\Program Files\IVT Corporation\BlueSoleil\ directory

Network Indicators:

  • No network indicators - local privilege escalation only

SIEM Query:

EventID=7036 AND ServiceName="BlueSoleilCS" AND (EventData contains "stopped" OR EventData contains "running")

Event ID 7036 records that a service "entered the running state" or "entered the stopped state", so match on those words rather than on "started".

🔗 References
