Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
References
Configurations
Configuration 1 (hide)
|
History
17 Sep 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. |
24 Jul 2023, 13:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-59 |
24 Jun 2022, 20:33
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:a:abb:drive_composer:*:*:*:*:entry:*:*:* cpe:2.3:a:abb:drive_composer:*:*:*:*:pro:*:*:* cpe:2.3:a:abb:automation_builder:*:*:*:*:*:*:*:* cpe:2.3:a:abb:mint_workbench:*:*:*:*:*:*:*:* |
|
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
15 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-15 19:15
Updated : 2024-09-17 00:15
NVD link : CVE-2022-31217
Mitre link : CVE-2022-31217
CVE.ORG link : CVE-2022-31217
JSON object : View
Products Affected
abb
- mint_workbench
- automation_builder
- drive_composer
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')