Description
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ABB / ABB Automation Builder1.1.0 – unspecified
- ABB / ABB Automation Builderunspecified – 2.5.0
- ABB / Drive Composer entryunspecified – 2.7
- ABB / Drive Composer entry2.0 – unspecified
- ABB / Drive Composer prounspecified – 2.7
- ABB / Drive Composer pro2.0 – unspecified
- ABB / Mint WorkBenchbuild – 5866