ABB Drive Composer, Automation Builder, Mint Workbench

Plan Patch7.8ICS-CERT ICSA-22-202-01Jul 21, 2022

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ABB Drive Composer, Automation Builder, and Mint Workbench contain an improper privilege assignment vulnerability (CWE-269) that could allow a local user to execute arbitrary code with elevated privileges. The vulnerability affects Drive Composer Entry and Pro versions 2.0 through 2.7, Automation Builder versions 1.1.0 through 2.5.0, and Mint Workbench builds 5866 and earlier. Successful exploitation requires local access to a workstation running the affected software; remote exploitation is not possible.

What this means

What could happen

An attacker with local access to a workstation running one of these ABB software tools could execute arbitrary code with the privileges of the user, potentially compromising engineering workstations used to configure and manage industrial automation systems.

Who's at risk

Engineering teams and operators who use ABB engineering workstations to configure, program, and maintain automation systems and variable frequency drives (VFDs). This includes staff using Automation Builder for PLC/controller programming, Drive Composer for drive configuration, and Mint Workbench for plant commissioning and setup.

How it could be exploited

An attacker with local access to a workstation running the vulnerable ABB software (Automation Builder, Drive Composer, or Mint Workbench) could exploit improper privilege handling to execute arbitrary code. This requires local code execution capability—the attacker cannot exploit this remotely, but if they gain initial access to an engineering workstation, they could escalate privileges and compromise the device used to program and configure your automation systems.

Prerequisites

Local access to a workstation running the vulnerable ABB software
User account with login privileges on the affected workstation
The vulnerable software application must be installed

Local access requiredLow complexityImproper privilege handling (CWE-269)Affects engineering workstations used to control critical automation systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Drive Composer Pro:≥ 2.0 | ≤ 2.72.7.1

Automation Builder:≥ 1.1.0 | ≤ 2.5.02.5.1

Mint Workbench: Builds 5866 and prior≤ 5866Build 5868

Drive Composer Entry:≥ 2.0 | ≤ 2.72.7.1

Remediation & Mitigation

0/5

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ABB Drive Composer to v2.7.1 or later

HOTFIXUpdate ABB Automation Builder to v2.5.1 or later

HOTFIXUpdate ABB Mint Workbench to Build 5868 or later

Long-term hardening

0/2

HARDENINGRestrict physical and network access to engineering workstations running these tools—locate them behind firewalls and isolate from business networks

HARDENINGImplement access controls on workstations to limit user account privileges and restrict who can log in to engineering systems

CVEs (5)

CVE-2022-31216 CVE-2022-31217 CVE-2022-31218 CVE-2022-31219 CVE-2022-26057

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8b4dd5bb-6e80-4bc6-b8d3-3ec359e84463