Multiple vulnerabilities in ABB Automation Builder, Drive Composer and Mint WorkBench
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2022-31216 CVE-2022-26057 CVE-2022-31219 CVE-2022-31218 CVE-2022-31217 |
| CWE-ID | CWE-59 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Drive Compose entry Other software / Other software solutions Drive Composer pro Other software / Other software solutions Automation Builder Other software / Other software solutions Mint WorkBench Other software / Other software solutions |
| Vendor | ABB |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Link following
EUVDB-ID: #VU65377
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-31216
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDrive Compose entry: 2.0 - 2.7
Drive Composer pro: 2.0 - 2.7
Automation Builder: 1.1.0 - 2.5.0
External linkshttp://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
http://www.zerodayinitiative.com/advisories/ZDI-22-1012/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Link following
EUVDB-ID: #VU65382
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26057
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue in the Mint WorkBench . A local administrator can create a symbolic link to overwrite a file and escalate privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMint WorkBench: 5866
Automation Builder: 1.1.0 - 2.5.0
Drive Compose entry: 2.0 - 2.7
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Link following
EUVDB-ID: #VU65381
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-31219
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDrive Compose entry: 2.0 - 2.7
Drive Composer pro: 2.0 - 2.7
Automation Builder: 1.1.0 - 2.5.0
External linkshttp://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
http://www.zerodayinitiative.com/advisories/ZDI-22-1014/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Link following
EUVDB-ID: #VU65379
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-31218
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDrive Compose entry: 2.0 - 2.7
Drive Composer pro: 2.0 - 2.7
Automation Builder: 1.1.0 - 2.5.0
External linkshttp://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
http://www.zerodayinitiative.com/advisories/ZDI-22-1014/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Link following
EUVDB-ID: #VU65378
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-31217
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDrive Compose entry: 2.0 - 2.7
Drive Composer pro: 2.0 - 2.7
Automation Builder: 1.1.0 - 2.5.0
External linkshttp://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
http://www.zerodayinitiative.com/advisories/ZDI-22-1013/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
