CVE-2022-31217 – Drive Composer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31217
Vulnerabilities in Drive Composer allow a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform.
• https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2022-31216 – Drive Composer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31216
Vulnerabilities in Drive Composer allow a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform.
• https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2022-26057 – Mint WorkBench Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26057
Vulnerabilities in Mint WorkBench allow a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product.
• https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
• CWE-269: Improper Privilege Management
CVE-2022-29483 – e-Design - Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2022-29483
An Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software that executes with SYSTEM permissions, violating the confidentiality, integrity, and availability of the target machine. This vulnerability allows local attackers to escalate privileges on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the e-Design installer. By creating a symbolic link, an attacker can abuse the installer to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
• https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206%200%208%206&LanguageCode=en&DocumentPartId=&Action=Launch
• CWE-276: Incorrect Default Permissions
CVE-2022-28702 – e-Design - Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2022-28702
An Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software that executes with SYSTEM permissions, violating the confidentiality, integrity, and availability of the target machine. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. By creating a symbolic link, an attacker can abuse the installer to create a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
• https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206%200%208%206&LanguageCode=en&DocumentPartId=&Action=Launch
• CWE-276: Incorrect Default Permissions