CVE-2022-31219 - OpenCVE

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Abb	Drive Composer Automation Builder Mint Workbench

Configuration 1 [-]

OR	cpe:2.3:a:abb:automation_builder::::::::
	cpe:2.3:a:abb:drive_composer:::::entry:::*
	cpe:2.3:a:abb:drive_composer:::::pro:::*
	cpe:2.3:a:abb:mint_workbench::::::::

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ABB

Published: 2022-06-14T00:00:00

Updated: 2023-09-13T03:56:25.473Z

Reserved: 2022-05-19T00:00:00

Link: CVE-2022-31219

JSON object: View

NVD Information

Status : Modified

Published: 2022-06-15T19:15:11.530

Modified: 2023-09-13T04:15:10.627

Link: CVE-2022-31219

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Drive Composer entry", "vendor": "ABB", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.0", "versionType": "custom"}, {"lessThanOrEqual": "2.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Drive Composer pro", "vendor": "ABB", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.0", "versionType": "custom"}, {"lessThanOrEqual": "2.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ABB Automation Builder", "vendor": "ABB", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.1.0", "versionType": "custom"}, {"lessThanOrEqual": "2.5.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Mint WorkBench", "vendor": "ABB", "versions": [{"lessThanOrEqual": "5866", "status": "affected", "version": "build", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers."}], "datePublic": "2022-06-13T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.</p>"}], "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-09-13T03:56:25.473Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The problem is corrected in the following product versions:</p><p>Drive Composer entry version 2.7.1</p><p>Drive Composer pro version 2.7.1</p><p>Customers using Drive composer pro integrated in ABB Automation Builder should refer to section </p><p>\u201cWorkarounds\u201d in this document. </p><p>Mint WorkBench Build 5868</p><p>ABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022.</p>"}], "value": "The problem is corrected in the following product versions:\n\nDrive Composer entry version 2.7.1\n\nDrive Composer pro version 2.7.1\n\nCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \n\n\u201cWorkarounds\u201d in this document. \n\nMint WorkBench Build 5868\n\nABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022.\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Drive Composer Link Following Local Privilege Escalation Vulnerability", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.</p><p>With ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:</p><p>1) Install or upgrade Drive Composer pro version to 2.7.1</p><p>2) In ABB Automation Builder Options, select External tools.</p><p>3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7</p><p>Alternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features.</p>"}], "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\n\nWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\n\n1) Install or upgrade Drive Composer pro version to 2.7.1\n\n2) In ABB Automation Builder Options, select External tools.\n\n3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\n\nAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features.\n\n"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@ch.abb.com", "DATE_PUBLIC": "2022-06-14T15:00:00.000Z", "ID": "CVE-2022-31219", "STATE": "PUBLIC", "TITLE": "Drive Composer Link Following Local Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Drive Composer entry", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.0"}, {"version_affected": "<=", "version_value": "2.7"}]}}, {"product_name": "Drive Composer pro", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.0"}, {"version_affected": "<=", "version_value": "2.7"}]}}, {"product_name": "ABB Automation Builder", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.1.0"}, {"version_affected": "<=", "version_value": "2.5.0"}]}}, {"product_name": "Mint WorkBench", "version": {"version_data": [{"version_affected": "<=", "version_name": "build", "version_value": "5866"}]}}]}, "vendor_name": "ABB"}]}}, "credit": [{"lang": "eng", "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599", "refsource": "MISC", "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599"}]}, "solution": [{"lang": "en", "value": "The problem is corrected in the following product versions:Drive Composer entry version 2.7.1Drive Composer pro version 2.7.1Customers using Drive composer pro integrated in ABB Automation Builder should refer to section \u201cWorkarounds\u201d in this document. Mint WorkBench Build 5868ABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022."}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.With ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:1) Install or upgrade Drive Composer pro version to 2.7.12) In ABB Automation Builder Options, select External tools.3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7Alternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps & features."}]}}}, "cveMetadata": {"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2022-31219", "datePublished": "2022-06-14T00:00:00", "dateReserved": "2022-05-19T00:00:00", "dateUpdated": "2023-09-13T03:56:25.473Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:automation_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "38FE89E6-0F80-4393-8A62-90BF78D2495E", "versionEndIncluding": "2.5.0", "versionStartIncluding": "1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:drive_composer:*:*:*:*:entry:*:*:*", "matchCriteriaId": "AEEEC057-B4AD-4AD0-BD41-FCD3D7377A34", "versionEndExcluding": "2.7.1", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:drive_composer:*:*:*:*:pro:*:*:*", "matchCriteriaId": "A7208649-9496-4B04-9290-F6C833AB595C", "versionEndExcluding": "2.7.1", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:mint_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F4F3A0-B9F2-4C0D-A36F-707DA94B4164", "versionEndIncluding": "5866", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product.\n\n"}, {"lang": "es", "value": "Las vulnerabilidades en Drive Composer permiten a un atacante con pocos privilegios crear y escribir en un archivo en cualquier lugar del sistema de archivos como SYSTEM con contenido arbitrario, siempre y cuando el archivo no exista ya. El archivo de instalaci\u00f3n de Drive Composer permite a un usuario con pocos privilegios ejecutar una operaci\u00f3n de \"repair\" en el producto."}], "id": "CVE-2022-31219", "lastModified": "2023-09-13T04:15:10.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2022-06-15T19:15:11.530", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "cybersecurity@ch.abb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Secondary"}]}