Lucene search

ABBCVELIST:CVE-2022-31217

HistoryJun 15, 2022 - 6:47 p.m.

CVE-2022-31217 Drive Composer Link Following Local Privilege Escalation Vulnerability

2022-06-1518:47:49

CWE-59

ABB

www.cve.org

cve-2022-31217

drive composer

local privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

16.3%

JSON

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a “repair” operation on the product.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Drive Composer entry",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Drive Composer pro",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ABB Automation Builder",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.1.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.5.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mint WorkBench",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "5866",
        "status": "affected",
        "version": "build",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

16.3%

JSON

Related for CVELIST:CVE-2022-31217