CVE-2024-22104 MEDIUM

Published: 2024-07-02 | Last Modified: 2024-11-21 | Status: Modified

Description

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Additional Descriptions (1)

La vulnerabilidad de escritura fuera de los límites en Jungo WinDriver anterior a 12.5.1 permite a atacantes locales provocar un error de pantalla azul de Windows y denegación de servicio (DoS).

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-400

Affected Products

Vendor	Product	Version	Update	Type
jungo	windriver	*	<built-in method update of dict object at 0x7d1ea15c4d00>	Application
mitsubishielectric	cpu_module_logging_configuration_tool	*	<built-in method update of dict object at 0x7d1ebce43200>	Application
mitsubishielectric	cw_configurator	*	<built-in method update of dict object at 0x7d1ebce41c40>	Application
mitsubishielectric	data_transfer	*	<built-in method update of dict object at 0x7d1eb5960380>	Application
mitsubishielectric	data_transfer_classic	*	<built-in method update of dict object at 0x7d1ea15c46c0>	Application
mitsubishielectric	ezsocket	*	<built-in method update of dict object at 0x7d1ea15c7040>	Application
mitsubishielectric	fr_configurator_sw3	*	<built-in method update of dict object at 0x7d1ebce40700>	Application
mitsubishielectric	fr_configurator2	*	<built-in method update of dict object at 0x7d1ebce40580>	Application
mitsubishielectric	genesis64	*	<built-in method update of dict object at 0x7d1ebce40340>	Application
mitsubishielectric	gt_got1000	*	<built-in method update of dict object at 0x7d1ea15c4fc0>	Application
mitsubishielectric	gt_got2000	*	<built-in method update of dict object at 0x7d1ebce40100>	Application
mitsubishielectric	gt_softgot1000	*	<built-in method update of dict object at 0x7d1ebce43780>	Application
mitsubishielectric	gt_softgot2000	*	<built-in method update of dict object at 0x7d1ebce41e80>	Application
mitsubishielectric	gx_developer	*	<built-in method update of dict object at 0x7d1ebce41d80>	Application
mitsubishielectric	gx_logviewer	*	<built-in method update of dict object at 0x7d1ebce40840>	Application
mitsubishielectric	gx_works2	*	<built-in method update of dict object at 0x7d1ebce40c40>	Application
mitsubishielectric	gx_works3	*	<built-in method update of dict object at 0x7d1e64bed1c0>	Application
mitsubishielectric	iq_works	*	<built-in method update of dict object at 0x7d1ebce41cc0>	Application
mitsubishielectric	mi_configurator	*	<built-in method update of dict object at 0x7d1ebce40d00>	Application
mitsubishielectric	mr_configurator	*	<built-in method update of dict object at 0x7d1e3571b880>	Application
mitsubishielectric	mr_configurator2	*	<built-in method update of dict object at 0x7d1ebce41580>	Application
mitsubishielectric	mx_component	*	<built-in method update of dict object at 0x7d1ebce42380>	Application
mitsubishielectric	mx_opc_server_da\/ua	*	<built-in method update of dict object at 0x7d1ebce41c00>	Application
mitsubishielectric	numerical_control_device_communication	*	<built-in method update of dict object at 0x7d1ebce41b40>	Application
mitsubishielectric	px_developer\/monitor_tool	*	<built-in method update of dict object at 0x7d1ebce41a00>	Application
mitsubishielectric	rt_toolbox3	*	<built-in method update of dict object at 0x7d1ebce41300>	Application
mitsubishielectric	rt_visualbox	*	<built-in method update of dict object at 0x7d1eb4db9c00>	Application
mitsubishielectric	mrzjw3-mc2-utl_firmware	*	<built-in method update of dict object at 0x7d1ebce41500>	Operating System
mitsubishielectric	sw0dnc-mneth-b_firmware	*	<built-in method update of dict object at 0x7d1e64b95e40>	Operating System
mitsubishielectric	sw1dnc-ccbd2-b_firmware	*	<built-in method update of dict object at 0x7d1e64bed380>	Operating System
mitsubishielectric	sw1dnc-ccief-j_firmware	*	<built-in method update of dict object at 0x7d1e64b95100>	Operating System
mitsubishielectric	sw1dnc-ccief-b_firmware	*	<built-in method update of dict object at 0x7d1e5febf180>	Operating System
mitsubishielectric	sw1dnc-mnetg-b_firmware	*	<built-in method update of dict object at 0x7d1e64b97cc0>	Operating System
mitsubishielectric	sw1dnc-qsccf-b_firmware	*	<built-in method update of dict object at 0x7d1e64b964c0>	Operating System
mitsubishielectric	sw1dnd-emsdk-b_firmware	*	<built-in method update of dict object at 0x7d1e64b96c80>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:jungo:windriver::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:cw_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer_classic::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:ezsocket::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:genesis64::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_developer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:iq_works::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mi_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_component::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_opc_server_da\/ua::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:numerical_control_device_communication::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:px_developer\/monitor_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_visualbox::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:mrzjw3-mc2-utl_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:mrzjw3-mc2-utl:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw0dnc-mneth-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw0dnc-mneth-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccbd2-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccbd2-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-j_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-j:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-mnetg-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-mnetg-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-qsccf-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-qsccf-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnd-emsdk-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnd-emsdk-b:-:::::::*`

References

https://jungo.com/windriver/versions/
Source: [email protected]

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: [email protected]

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: [email protected]

Third Party Advisory
https://jungo.com/windriver/versions/
Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory