high
7.8
CWE
269
Advisory Published
Updated

CVE-2022-26057: Mint WorkBench Link Following Local Privilege Escalation Vulnerability

First published: Tue Jun 14 2022(Updated: )

Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product

Credit: cybersecurity@ch.abb.com

Affected SoftwareAffected VersionHow to fix
ABB Mint Workbench<=5866

Remedy

The problem is corrected in the following product versions: Drive Composer entry version 2.7.1 Drive Composer pro version 2.7.1 Customers using Drive composer pro integrated in ABB Automation Builder should refer to section “Workarounds” in this document. Mint WorkBench Build 5868 ABB recommends that customers apply the update at earliest convenience. Updated versions of Drive Composer are available immediately. ABB Automation Builder 2.5.1 and Mint WorkBench Build 5868 will be available before or during Q3/2022.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-26057?

    The severity of CVE-2022-26057 is high with a CVSS score of 7.8.

  • What is the affected software for CVE-2022-26057?

    The affected software for CVE-2022-26057 is the Mint WorkBench version 5866 by Abb.

  • How does CVE-2022-26057 allow an attacker to create and write to a file anywhere on the file system?

    CVE-2022-26057 allows a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM by running a "repair" operation using the Mint WorkBench installer file.

  • What can an attacker do with CVE-2022-26057?

    An attacker with CVE-2022-26057 can create and write to a file anywhere on the file system as SYSTEM with arbitrary content, as long as the file does not already exist.

  • Is there a fix available for CVE-2022-26057?

    It is recommended to update to a fixed version of the Mint WorkBench software to mitigate CVE-2022-26057.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203