Drive Composer Link Following Local Privilege Escalation Vulnerability
CVE-2022-31218

7.8HIGH

Key Information:

Vendor: Abb
Status: Drive Composer Entry; Drive Composer Pro; Abb Automation Builder; Mint Workbench
Vendor: CVE Published:; 15 June 2022

What is CVE-2022-31218?

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

Affected Version(s)

ABB Automation Builder 1.1.0

ABB Automation Builder <= 2.5.0

Drive Composer entry 2.0

References

https://search.abb.com/library/Download.aspx?DocumentID=9...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2022
Vulnerability Reserved
May 19, 2022

Credit

This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers.

Abb

What is CVE-2022-31218?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit