Lucene search

ABBCVE-2022-31217

HistoryJun 15, 2022 - 7:15 p.m.

CVE-2022-31217

2022-06-1519:15:11

CWE-59

ABB

web.nvd.nist.gov

cve-2022-31217

drive composer

vulnerability

low privileged attacker

file system

arbitrary content

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

16.3%

JSON

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a “repair” operation on the product.

Affected configurations

Nvd

Node

abbautomation_builderRange1.1.0–2.5.0

abbdrive_composerRange2.0–2.7.1entry

abbdrive_composerRange2.0–2.7.1pro

abbmint_workbenchRange≤5866

VendorProductVersionCPE
abbautomation_builder*cpe:2.3:a:abb:automation_builder:*:*:*:*:*:*:*:*
abbdrive_composer*cpe:2.3:a:abb:drive_composer:*:*:*:*:entry:*:*:*
abbdrive_composer*cpe:2.3:a:abb:drive_composer:*:*:*:*:pro:*:*:*
abbmint_workbench*cpe:2.3:a:abb:mint_workbench:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abb	automation_builder	*	cpe:2.3:a:abb:automation_builder::::::::
abb	drive_composer	*	cpe:2.3:a:abb:drive_composer:::::entry:::*
abb	drive_composer	*	cpe:2.3:a:abb:drive_composer:::::pro:::*
abb	mint_workbench	*	cpe:2.3:a:abb:mint_workbench::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Drive Composer entry",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Drive Composer pro",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ABB Automation Builder",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.1.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.5.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mint WorkBench",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "5866",
        "status": "affected",
        "version": "build",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

16.3%

JSON

Related for CVE-2022-31217