CVE-2022-31219
Drive Composer Link Following Local Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
Las vulnerabilidades en Drive Composer permiten a un atacante con pocos privilegios crear y escribir en un archivo en cualquier lugar del sistema de archivos como SYSTEM con contenido arbitrario, siempre y cuando el archivo no exista ya. El archivo de instalaciĆ³n de Drive Composer permite a un usuario con pocos privilegios ejecutar una operaciĆ³n de "repair" en el producto.
This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Drive Composer installer. By creating a symbolic link, an attacker can abuse the installer to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-19 CVE Reserved
- 2022-06-15 CVE Published
- 2024-09-16 CVE Updated
- 2024-11-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Abb Search vendor "Abb" | Automation Builder Search vendor "Abb" for product "Automation Builder" | >= 1.1.0 <= 2.5.0 Search vendor "Abb" for product "Automation Builder" and version " >= 1.1.0 <= 2.5.0" | - |
Affected
| ||||||
Abb Search vendor "Abb" | Drive Composer Search vendor "Abb" for product "Drive Composer" | >= 2.0 < 2.7.1 Search vendor "Abb" for product "Drive Composer" and version " >= 2.0 < 2.7.1" | entry |
Affected
| ||||||
Abb Search vendor "Abb" | Drive Composer Search vendor "Abb" for product "Drive Composer" | >= 2.0 < 2.7.1 Search vendor "Abb" for product "Drive Composer" and version " >= 2.0 < 2.7.1" | pro |
Affected
| ||||||
Abb Search vendor "Abb" | Mint Workbench Search vendor "Abb" for product "Mint Workbench" | <= 5866 Search vendor "Abb" for product "Mint Workbench" and version " <= 5866" | - |
Affected
|