
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-29483 is a security vulnerability discovered in ABB e-Design software that was disclosed on June 28, 2022. This vulnerability is classified as an Incorrect Default Permissions issue (CWE-276) affecting all versions of ABB e-Design prior to 1.12.2.0006. The vulnerability received a CVSS v3.1 base score of 7.8 (High) (CISA Advisory, NVD).
The vulnerability stems from incorrect default permissions in the e-Design installer. By creating a symbolic link, an attacker could abuse the installer to delete files. The vulnerability has been assigned the CVSS vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability (ZDI Advisory).
If successfully exploited, this vulnerability allows an attacker to install malicious software that executes with SYSTEM permissions, potentially compromising the confidentiality, integrity, and availability of the target machine. The attacker could escalate privileges and execute arbitrary code in the context of SYSTEM (CISA Advisory, ZDI Advisory).
ABB has released version 1.12.2.0006 to address this vulnerability. Until the update can be applied, it is recommended that machine owners prevent other users from logging into the system and ensure the machine is not left unlocked when not in use (CISA Advisory).
Source: This report was generated using AI