First published: Tue Jun 14 2022(Updated: )
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product
Credit: cybersecurity@ch.abb.com
Affected Software | Affected Version | How to fix |
---|---|---|
ABB Mint Workbench | <=5866 |
The problem is corrected in the following product versions: Drive Composer entry version 2.7.1 Drive Composer pro version 2.7.1 Customers using Drive composer pro integrated in ABB Automation Builder should refer to section “Workarounds” in this document. Mint WorkBench Build 5868 ABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-26057 is high with a CVSS score of 7.8.
The affected software for CVE-2022-26057 is the Mint WorkBench version 5866 by Abb.
CVE-2022-26057 allows a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM by running a "repair" operation using the Mint WorkBench installer file.
An attacker with CVE-2022-26057 can create and write to a file anywhere on the file system as SYSTEM with arbitrary content, as long as the file does not already exist.
It is recommended to update to a fixed version of the Mint WorkBench software to mitigate CVE-2022-26057.