Lucene search

ABBCVELIST:CVE-2024-5402

HistoryJul 15, 2024 - 11:57 a.m.

CVE-2024-5402 Mint Workbench I Unquoted Service Path Enumeration

2024-07-1511:57:44

CWE-428

ABB

www.cve.org

unquoted service path

abb mint workbench

elevated privileges

local attacker

vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:L/VI:L/SI:H/VA:L/SA:H/S:N/AU:Y/R:U/V:C/RE:L

EPSS

Percentile

9.3%

JSON

Unquoted Search Path or Element vulnerability in ABB Mint Workbench.

A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.

This issue affects Mint Workbench I versions: from 5866 before 5868.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Mint Workbench I",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "5868",
        "status": "affected",
        "version": "5866",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:L/VI:L/SI:H/VA:L/SA:H/S:N/AU:Y/R:U/V:C/RE:L

EPSS

Percentile

9.3%

JSON

Related for CVELIST:CVE-2024-5402