CVE-2022-31217

Description

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

Related CPE's

a abb mint_workbench ********

a abb automation_builder ********

a abb drive_composer ****pro ***

a abb drive_composer ****entry ***

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599

MitigationVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	7.199999809265137
VectorString	AV:L/AC:L/Au:N/C:C/I:C/A:C
Version	2.0
AccessVector	LOCAL
Authentication	NONE

Created by Yello

About Severity.io