SB2022071810 - Multiple vulnerabilities in ABB Automation Builder, Drive Composer and Mint WorkBench
Published: July 18, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Link following (CVE-ID: CVE-2022-31216)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
2) Link following (CVE-ID: CVE-2022-26057)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue in the Mint WorkBench . A local administrator can create a symbolic link to overwrite a file and escalate privileges on the target system.
3) Link following (CVE-ID: CVE-2022-31219)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
4) Link following (CVE-ID: CVE-2022-31218)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
5) Link following (CVE-ID: CVE-2022-31217)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the link following issue within the Drive Composer installer. A local user can create a symbolic link to overwrite a file and escalate privileges on the target system.
Remediation
Install update from vendor's website.
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
- https://www.zerodayinitiative.com/advisories/ZDI-22-1012/
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599
- https://www.zerodayinitiative.com/advisories/ZDI-22-1014/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1013/