CVE-2022-31219

CWE-59CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 87.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
ABB ABB Automation BuilderABB Drive Composer EntryABB Drive Composer PRO+3 more
Timeline
PublishedJun 15
Latest updateJun 16

Description

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages7 packages

NVDabb/drive_composer2.02.7.1
CVEListV5abb/drive_composer_pro2.0unspecified+1
CVEListV5abb/drive_composer_entry2.0unspecified+1
CVEListV5abb/abb_automation_builder1.1.0unspecified+1
CVEListV5abb/mint_workbenchbuild5866

🔴Vulnerability Details

2
GHSA
GHSA-mgwv-57p9-8v74: Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitra2022-06-16
CVEList
Drive Composer Link Following Local Privilege Escalation Vulnerability2022-06-15
CVE-2022-31219 (HIGH CVSS 7.8) | Vulnerabilities in the Drive Compos | cvebase.io