CVE-2022-31218

Drive Composer Link Following Local Privilege Escalation Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

Las vulnerabilidades en Drive Composer permiten a un atacante con pocos privilegios crear y escribir en un archivo en cualquier lugar del sistema de archivos como SYSTEM con contenido arbitrario, siempre y cuando el archivo no exista ya. El archivo de instalación de Drive Composer permite a un usuario con pocos privilegios ejecutar una operación de "repair" en el producto.

This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Drive Composer installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

*Credits: This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers.

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-19 CVE Reserved
2022-06-15 CVE Published
2024-09-16 CVE Updated
2024-11-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599	2023-09-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Abb Search vendor "Abb"		Automation Builder Search vendor "Abb" for product "Automation Builder"				>= 1.1.0 <= 2.5.0 Search vendor "Abb" for product "Automation Builder" and version " >= 1.1.0 <= 2.5.0"		-		Affected
Abb Search vendor "Abb"		Drive Composer Search vendor "Abb" for product "Drive Composer"				>= 2.0 < 2.7.1 Search vendor "Abb" for product "Drive Composer" and version " >= 2.0 < 2.7.1"		entry		Affected
Abb Search vendor "Abb"		Drive Composer Search vendor "Abb" for product "Drive Composer"				>= 2.0 < 2.7.1 Search vendor "Abb" for product "Drive Composer" and version " >= 2.0 < 2.7.1"		pro		Affected
Abb Search vendor "Abb"		Mint Workbench Search vendor "Abb" for product "Mint Workbench"				<= 5866 Search vendor "Abb" for product "Mint Workbench" and version " <= 5866"		-		Affected