Vulnerability Description
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abb | Automation Builder | >= 1.1.0, <= 2.5.0 |
| Abb | Drive Composer | >= 2.0, < 2.7.1 |
| Abb | Mint Workbench | <= 5866 |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageMitigationVendor Advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageMitigationVendor Advisory
FAQ
What is CVE-2022-31219?
CVE-2022-31219 is a vulnerability with a CVSS score of 7.3 (HIGH). Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already ex...
How severe is CVE-2022-31219?
CVE-2022-31219 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31219?
Check the references section above for vendor advisories and patch information. Affected products include: Abb Automation Builder, Abb Drive Composer, Abb Mint Workbench.