CVE-2022-31216
published 2022-06-15CVE-2022-31216: Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| abb | abb_automation_builder | >= 1.1.0 < unspecified | unspecified |
| abb | abb_automation_builder | unspecified – 2.5.0 | — |
| abb | automation_builder | 1.1.0 – 2.5.0 | — |
| abb | drive_composer | >= 2.0 < 2.7.1 | 2.7.1 |
| abb | drive_composer_entry | >= 2.0 < unspecified | unspecified |
| abb | drive_composer_entry | unspecified – 2.7 | — |
| abb | drive_composer_pro | >= 2.0 < unspecified | unspecified |
| abb | drive_composer_pro | unspecified – 2.7 | — |
| abb | mint_workbench | <= 5866 | — |
| abb | mint_workbench | build – 5866 | — |