CVE-2024-5402

July 15, 2024, 1 p.m.

7.8
High

Description

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868.

Product(s) Impacted

Product Versions
ABB Mint Workbench
  • ['5866', '5867']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch

Tags

CWE-428
cybersecurity@ch.abb.com
2024-07-15
CVE-2024-5402

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: July 15, 2024, 12:15 p.m.
Last Modified: July 15, 2024, 1 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cybersecurity@ch.abb.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.