Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
Credits
This vulnerability was discovered by Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative. ABB appreciates their actions to keep our products safe for our customers.
