CVE-2024-5402 - OpenCVE

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	Mint Workbench

Configuration 1 [-]

cpe:2.3:a:abb:mint_workbench:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2024-07-15T11:57:44.261Z

Updated: 2024-08-01T21:11:12.639Z

Reserved: 2024-05-27T06:28:25.877Z

Link: CVE-2024-5402

Vulnrichment

Updated: 2024-08-01T21:11:12.639Z

NVD

Status : Analyzed

Published: 2024-07-15T12:15:02.340

Modified: 2024-07-19T18:03:55.583

Link: CVE-2024-5402

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5402", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2024-05-27T06:28:25.877Z", "datePublished": "2024-07-15T11:57:44.261Z", "dateUpdated": "2024-08-01T21:11:12.639Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Mint Workbench I", "vendor": "ABB", "versions": [{"lessThan": "5868", "status": "affected", "version": "5866", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "ABB thanks Yoav Yehudai of Novartis for working with ABB in effort to protect our customers."}], "datePublic": "2024-07-15T04:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.<br><br>\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\n<p>This issue affects Mint Workbench I versions: from 5866 before 5868.</p>"}], "value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\n\n\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\nThis issue affects Mint Workbench I versions: from 5866 before 5868."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.2, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-07-15T11:57:44.261Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "title": "Mint Workbench I Unquoted Service Path Enumeration", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "abb", "product": "mint_workbench", "cpes": ["cpe:2.3:a:abb:mint_workbench:5866:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5866", "status": "affected", "lessThan": "5868", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-15T13:08:32.219434Z", "id": "CVE-2024-5402", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T13:10:14.877Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.639Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.639Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5402", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-15T13:08:32.219434Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:abb:mint_workbench:5866:*:*:*:*:*:*:*"], "vendor": "abb", "product": "mint_workbench", "versions": [{"status": "affected", "version": "5866", "lessThan": "5868", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T13:10:09.479Z"}}], "cna": {"title": "Mint Workbench I Unquoted Service Path Enumeration", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "ABB thanks Yoav Yehudai of Novartis for working with ABB in effort to protect our customers."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 6.2, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "Mint Workbench I", "versions": [{"status": "affected", "version": "5866", "lessThan": "5868", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2024-07-15T04:30:00.000Z", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\n\n\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\nThis issue affects Mint Workbench I versions: from 5866 before 5868.", "supportingMedia": [{"type": "text/html", "value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.<br><br>\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\n<p>This issue affects Mint Workbench I versions: from 5866 before 5868.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-07-15T11:57:44.261Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5402", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:11:12.639Z", "dateReserved": "2024-05-27T06:28:25.877Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2024-07-15T11:57:44.261Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:mint_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D3943DF-0CD6-4CB6-A713-3C8308A03F52", "versionEndIncluding": "5868", "versionStartIncluding": "5866", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\n\n\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\nThis issue affects Mint Workbench I versions: from 5866 before 5868."}, {"lang": "es", "value": "Vulnerabilidad de elemento o ruta de b\u00fasqueda sin comillas en ABB Mint Workbench. Un atacante local que aprovechara con \u00e9xito esta vulnerabilidad podr\u00eda obtener privilegios elevados insertando un archivo ejecutable en la ruta del servicio afectado. Este problema afecta a las versiones de Mint Workbench I: desde 5866 antes de 5868."}], "id": "CVE-2024-5402", "lastModified": "2024-07-19T18:03:55.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "USER", "safety": "NEGLIGIBLE", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:X", "version": "4.0", "vulnerabilityResponseEffort": "LOW", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2024-07-15T12:15:02.340", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "cybersecurity@ch.abb.com", "type": "Primary"}]}