Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 - Mitigation, Vendor Advisory |
16 Sep 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. |
13 Sep 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. |
24 Jul 2023, 13:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-59 |
Information
Published : 2022-06-15 19:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31218
Mitre link : CVE-2022-31218
CVE.ORG link : CVE-2022-31218
JSON object : View
Products Affected
abb
- drive_composer
- mint_workbench
- automation_builder
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')