Search criteria
2 vulnerabilities found for Mint Workbench I by ABB
CVE-2024-5402 (GCVE-0-2024-5402)
Vulnerability from cvelistv5 – Published: 2024-07-15 11:57 – Updated: 2024-08-01 21:11
VLAI?
Summary
Unquoted Search Path or Element vulnerability in ABB Mint Workbench.
A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.
This issue affects Mint Workbench I versions: from 5866 before 5868.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | Mint Workbench I |
Affected:
5866 , < 5868
(custom)
|
Credits
ABB thanks Yoav Yehudai of Novartis for working with ABB in effort to protect our customers.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abb:mint_workbench:5866:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mint_workbench",
"vendor": "abb",
"versions": [
{
"lessThan": "5868",
"status": "affected",
"version": "5866",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:08:32.219434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:10:14.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912\u0026LanguageCode=en\u0026DocumentPartId=1\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Mint Workbench I",
"vendor": "ABB",
"versions": [
{
"lessThan": "5868",
"status": "affected",
"version": "5866",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB thanks Yoav Yehudai of Novartis for working with ABB in effort to protect our customers."
}
],
"datePublic": "2024-07-15T04:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\u003cbr\u003e\u003cbr\u003e\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\n\u003cp\u003eThis issue affects Mint Workbench I versions: from 5866 before 5868.\u003c/p\u003e"
}
],
"value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\n\n\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\nThis issue affects Mint Workbench I versions: from 5866 before 5868."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T11:57:44.261Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912\u0026LanguageCode=en\u0026DocumentPartId=1\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mint Workbench I Unquoted Service Path Enumeration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-5402",
"datePublished": "2024-07-15T11:57:44.261Z",
"dateReserved": "2024-05-27T06:28:25.877Z",
"dateUpdated": "2024-08-01T21:11:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5402 (GCVE-0-2024-5402)
Vulnerability from nvd – Published: 2024-07-15 11:57 – Updated: 2024-08-01 21:11
VLAI?
Summary
Unquoted Search Path or Element vulnerability in ABB Mint Workbench.
A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.
This issue affects Mint Workbench I versions: from 5866 before 5868.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | Mint Workbench I |
Affected:
5866 , < 5868
(custom)
|
Credits
ABB thanks Yoav Yehudai of Novartis for working with ABB in effort to protect our customers.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abb:mint_workbench:5866:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mint_workbench",
"vendor": "abb",
"versions": [
{
"lessThan": "5868",
"status": "affected",
"version": "5866",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:08:32.219434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:10:14.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912\u0026LanguageCode=en\u0026DocumentPartId=1\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Mint Workbench I",
"vendor": "ABB",
"versions": [
{
"lessThan": "5868",
"status": "affected",
"version": "5866",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB thanks Yoav Yehudai of Novartis for working with ABB in effort to protect our customers."
}
],
"datePublic": "2024-07-15T04:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\u003cbr\u003e\u003cbr\u003e\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\n\u003cp\u003eThis issue affects Mint Workbench I versions: from 5866 before 5868.\u003c/p\u003e"
}
],
"value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\n\n\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\nThis issue affects Mint Workbench I versions: from 5866 before 5868."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T11:57:44.261Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912\u0026LanguageCode=en\u0026DocumentPartId=1\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mint Workbench I Unquoted Service Path Enumeration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-5402",
"datePublished": "2024-07-15T11:57:44.261Z",
"dateReserved": "2024-05-27T06:28:25.877Z",
"dateUpdated": "2024-08-01T21:11:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}