Description

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

Related CPE's

a

abb

automation_builder

Vulnerable

a

abb

drive_composer

2

a

abb

mint_workbench

Vulnerable

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599

MitigationVendor Advisory

Weaknesses

[email protected]

Primary
CWE-59

[email protected]

Secondary
CWE-59

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-06-15T19:15:11.420

3 years ago

Last modified

2024-09-17T00:15:46.000

10 months ago