CVE-2023-51776 HIGH

Published: 2024-07-02 | Last Modified: 2025-03-13 | Status: Modified

Description

Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.

Additional Descriptions (1)

La gestión inadecuada de privilegios en Jungo WinDriver anterior a 12.1.0 permite a atacantes locales escalar privilegios y ejecutar código arbitrario.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-269

Affected Products

Vendor	Product	Version	Update	Type
jungo	windriver	*	<built-in method update of dict object at 0x7d1e6523ad40>	Application
mitsubishielectric	cpu_module_logging_configuration_tool	*	<built-in method update of dict object at 0x7d1e5414fcc0>	Application
mitsubishielectric	cw_configurator	*	<built-in method update of dict object at 0x7d1e5414eec0>	Application
mitsubishielectric	data_transfer	*	<built-in method update of dict object at 0x7d1e5f74c840>	Application
mitsubishielectric	data_transfer_classic	*	<built-in method update of dict object at 0x7d1e6523ba40>	Application
mitsubishielectric	ezsocket	*	<built-in method update of dict object at 0x7d1e5f8cb1c0>	Application
mitsubishielectric	fr_configurator_sw3	*	<built-in method update of dict object at 0x7d1e5414f940>	Application
mitsubishielectric	fr_configurator2	*	<built-in method update of dict object at 0x7d1e5414e3c0>	Application
mitsubishielectric	genesis64	*	<built-in method update of dict object at 0x7d1e5414c280>	Application
mitsubishielectric	gt_got1000	*	<built-in method update of dict object at 0x7d1e65239600>	Application
mitsubishielectric	gt_got2000	*	<built-in method update of dict object at 0x7d1e5414fc80>	Application
mitsubishielectric	gt_softgot1000	*	<built-in method update of dict object at 0x7d1e5414f140>	Application
mitsubishielectric	gt_softgot2000	*	<built-in method update of dict object at 0x7d1e5414fa00>	Application
mitsubishielectric	gx_developer	*	<built-in method update of dict object at 0x7d1e5414e700>	Application
mitsubishielectric	gx_logviewer	*	<built-in method update of dict object at 0x7d1e5414c540>	Application
mitsubishielectric	gx_works2	*	<built-in method update of dict object at 0x7d1e5414ccc0>	Application
mitsubishielectric	gx_works3	*	<built-in method update of dict object at 0x7d1e65239300>	Application
mitsubishielectric	iq_works	*	<built-in method update of dict object at 0x7d1e5414d2c0>	Application
mitsubishielectric	mi_configurator	*	<built-in method update of dict object at 0x7d1e5414f7c0>	Application
mitsubishielectric	mr_configurator	*	<built-in method update of dict object at 0x7d1e67eb2100>	Application
mitsubishielectric	mr_configurator2	*	<built-in method update of dict object at 0x7d1e5f8c9b00>	Application
mitsubishielectric	mx_component	*	<built-in method update of dict object at 0x7d1e5414cd40>	Application
mitsubishielectric	mx_opc_server_da\/ua	*	<built-in method update of dict object at 0x7d1e5414f700>	Application
mitsubishielectric	numerical_control_device_communication	*	<built-in method update of dict object at 0x7d1e5414c400>	Application
mitsubishielectric	px_developer\/monitor_tool	*	<built-in method update of dict object at 0x7d1e5414f200>	Application
mitsubishielectric	rt_toolbox3	*	<built-in method update of dict object at 0x7d1e5414fa80>	Application
mitsubishielectric	rt_visualbox	*	<built-in method update of dict object at 0x7d1e5f8c9280>	Application
mitsubishielectric	mrzjw3-mc2-utl_firmware	*	<built-in method update of dict object at 0x7d1e5414dac0>	Operating System
mitsubishielectric	sw0dnc-mneth-b_firmware	*	<built-in method update of dict object at 0x7d1e5f8c9800>	Operating System
mitsubishielectric	sw1dnc-ccbd2-b_firmware	*	<built-in method update of dict object at 0x7d1ea39fd600>	Operating System
mitsubishielectric	sw1dnc-ccief-j_firmware	*	<built-in method update of dict object at 0x7d1e6dcd7100>	Operating System
mitsubishielectric	sw1dnc-ccief-b_firmware	*	<built-in method update of dict object at 0x7d1ea39ffb00>	Operating System
mitsubishielectric	sw1dnc-mnetg-b_firmware	*	<built-in method update of dict object at 0x7d1ea39fddc0>	Operating System
mitsubishielectric	sw1dnc-qsccf-b_firmware	*	<built-in method update of dict object at 0x7d1ea39fc2c0>	Operating System
mitsubishielectric	sw1dnd-emsdk-b_firmware	*	<built-in method update of dict object at 0x7d1ea39fe880>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:jungo:windriver::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:cw_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer_classic::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:ezsocket::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:genesis64::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_developer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:iq_works::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mi_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_component::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_opc_server_da\/ua::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:numerical_control_device_communication::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:px_developer\/monitor_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_visualbox::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:mrzjw3-mc2-utl_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:mrzjw3-mc2-utl:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw0dnc-mneth-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw0dnc-mneth-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccbd2-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccbd2-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-j_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-j:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-mnetg-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-mnetg-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-qsccf-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-qsccf-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnd-emsdk-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnd-emsdk-b:-:::::::*`

References

https://jungo.com/windriver/versions/
Source: [email protected]

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: [email protected]

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: [email protected]

Third Party Advisory
https://jungo.com/windriver/versions/
Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory