CVE-2022-31217: 
ABB Drive Composer pro vulnerability analysis and mitigation

CVE-2022-31217 is a vulnerability discovered in ABB's Drive Composer software that allows a low-privileged attacker to create and write files anywhere on the file system with SYSTEM privileges. The vulnerability affects multiple ABB products including Drive Composer Entry and Pro (versions 2.0 to 2.7), Automation Builder (versions 1.1.0 to 2.5.0), and Mint Workbench (builds 5866 and prior) (CISA Advisory).

The vulnerability is classified as an Improper Link Resolution Before File Access ('Link Following') vulnerability (CWE-59). It allows exploitation through the Drive Composer installer file, which permits low-privileged users to run a 'repair' operation on the product. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential (NVD, ZDI Advisory).

Successful exploitation of this vulnerability enables attackers to escalate privileges and execute arbitrary code in the context of SYSTEM. The attacker can create and write files with arbitrary content anywhere on the file system, as long as the target file does not already exist (ZDI Advisory).

ABB has released security updates to address this vulnerability. Users are recommended to update to Drive Composer version 2.7.1 or later, Automation Builder version 2.5.1 or later, and Mint Workbench Build 5868 or later. Organizations should also ensure control system devices are not accessible from the Internet and implement proper network segmentation (CISA Advisory).