CVE-2022-26057

Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:abb:mint_workbench:*:*:*:*:*:*:*:*

History

24 Jun 2022, 18:58

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8
CPE		cpe:2.3:a:abb:mint_workbench::::::::
First Time		Abb Abb mint Workbench
CWE		CWE-269
References	~~(MISC) https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 -~~	(MISC) https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 - Mitigation, Vendor Advisory

15 Jun 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-15 19:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-26057

Mitre link : CVE-2022-26057

CVE.ORG link : CVE-2022-26057

JSON object : View

Products Affected

abb

mint_workbench

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2022-26057", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2022-06-15T19:15:10.897", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599", "tags": ["Mitigation", "Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a \"repair\" operation on the product"}, {"lang": "es", "value": "Unas vulnerabilidades en Mint WorkBench permiten a un atacante con pocos privilegios crear y escribir en un archivo en cualquier parte del sistema de archivos como SYSTEM con contenido arbitrario siempre que el archivo no exista ya. El archivo de instalaci\u00f3n de Mint WorkBench permite a un usuario con pocos privilegios ejecutar una operaci\u00f3n de \"reparaci\u00f3n\" en el producto"}], "lastModified": "2022-06-24T18:58:00.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abb:mint_workbench:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F4F3A0-B9F2-4C0D-A36F-707DA94B4164", "versionEndIncluding": "5866"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@ch.abb.com"}