github - ghsa-g5w2-92px-9hwf

GHSA-G5W2-92PX-9HWF

Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-25 00:00

Details

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-31217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-15T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product.",
  "id": "GHSA-g5w2-92px-9hwf",
  "modified": "2022-06-25T00:00:51Z",
  "published": "2022-06-16T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31217"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.38192870.478847987.1655218701-372504397.1647012599"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-31217 (GCVE-0-2022-31217)

Vulnerability from cvelistv5 – Published: 2022-06-15 18:47 – Updated: 2025-04-23 18:14

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

ABB

References

URL

Tags

https://search.abb.com/library/Download.aspx?Docu…

x_refsource_MISC

Impacted products

Vendor

Product

Version

ABB

Drive Composer entry

Affected: 2.0 , < unspecified (custom)
Affected: unspecified , ≤ 2.7 (custom)

ABB	Drive Composer pro	Affected: 2.0 , < unspecified (custom) Affected: unspecified , ≤ 2.7 (custom)
ABB	ABB Automation Builder	Affected: 1.1.0 , < unspecified (custom) Affected: unspecified , ≤ 2.5.0 (custom)
ABB	Mint WorkBench	Affected: build , ≤ 5866 (custom)

Credits

This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.38192870.478847987.1655218701-372504397.1647012599"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:09:35.158899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:14:35.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Drive Composer entry",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Drive Composer pro",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ABB Automation Builder",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.5.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mint WorkBench",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "5866",
              "status": "affected",
              "version": "build",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers."
        }
      ],
      "datePublic": "2022-06-13T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \u0026quot;repair\u0026quot; operation on the product.\u003c/p\u003e"
            }
          ],
          "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T03:55:38.351Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.38192870.478847987.1655218701-372504397.1647012599"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe problem is corrected in the following product versions:\u003c/p\u003e\u003cp\u003eDrive Composer entry version 2.7.1\u003c/p\u003e\u003cp\u003eDrive Composer pro version 2.7.1\u003c/p\u003e\u003cp\u003eCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \u003c/p\u003e\u003cp\u003e\u201cWorkarounds\u201d in this document. \u003c/p\u003e\u003cp\u003eMint WorkBench Build 5868\u003c/p\u003e\u003cp\u003eABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022.\u003c/p\u003e"
            }
          ],
          "value": "The problem is corrected in the following product versions:\n\nDrive Composer entry version 2.7.1\n\nDrive Composer pro version 2.7.1\n\nCustomers using Drive composer pro integrated in ABB Automation Builder should refer to section \n\n\u201cWorkarounds\u201d in this document. \n\nMint WorkBench Build 5868\n\nABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Drive Composer Link Following Local Privilege Escalation Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\u003c/p\u003e\u003cp\u003eWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\u003c/p\u003e\u003cp\u003e1) Install or upgrade Drive Composer pro version to 2.7.1\u003c/p\u003e\u003cp\u003e2) In ABB Automation Builder Options, select External tools.\u003c/p\u003e\u003cp\u003e3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\u003c/p\u003e\u003cp\u003eAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps \u0026amp; features.\u003c/p\u003e"
            }
          ],
          "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.\n\nWith ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:\n\n1) Install or upgrade Drive Composer pro version to 2.7.1\n\n2) In ABB Automation Builder Options, select External tools.\n\n3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7\n\nAlternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps \u0026 features."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "DATE_PUBLIC": "2022-06-14T15:00:00.000Z",
          "ID": "CVE-2022-31217",
          "STATE": "PUBLIC",
          "TITLE": "Drive Composer Link Following Local Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drive Composer entry",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Drive Composer pro",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ABB Automation Builder",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "1.1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.5.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Mint WorkBench",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "build",
                            "version_value": "5866"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.38192870.478847987.1655218701-372504397.1647012599",
              "refsource": "MISC",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.38192870.478847987.1655218701-372504397.1647012599"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The problem is corrected in the following product versions:Drive Composer entry version 2.7.1Drive Composer pro version 2.7.1Customers using Drive composer pro integrated in ABB Automation Builder should refer to section \u201cWorkarounds\u201d in this document. Mint WorkBench Build 5868ABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as \u201cImpact of workaround\u201d.With ABB Automation Builder it is possible to change the version of Drive Composer used so it is not mandatory to update that application immediately. Steps:1) Install or upgrade Drive Composer pro version to 2.7.12) In ABB Automation Builder Options, select External tools.3) At Drive composer pro-line, select Custom and select the installed Drive Composer pro version 2.7.1 executable typically in C:\\Program Files (x86)\\DriveWare\\Drive Composer pro\\2.7Alternatively, users are able to remove the vulnerable Drive Composer for ABB Automation Builder. This can be done either from ABB Automation Builder Installation manager or from Windows Settings: Apps \u0026 features."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2022-31217",
    "datePublished": "2022-06-15T18:47:49.978Z",
    "dateReserved": "2022-05-19T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:14:35.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-G5W2-92PX-9HWF

CVE-2022-31217 (GCVE-0-2022-31217)

Tags

Sightings

Nomenclature