CVE-2022-31217

Name of the Vulnerable Software and Affected Versions Drive Composer (affected versions not specified) ABB Automation Builder (affected versions not specified)

Description The issue allows a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, provided the file does not already exist. Additionally, the installer file permits a low-privileged user to perform a "repair" operation on the product.

Recommendations For Drive Composer, consider restricting access to the installer file to prevent low-privileged users from running the "repair" operation until a fix is available. For ABB Automation Builder, at the moment, there is no information about a newer version that contains a fix for this issue.