CVE-2024-22106 HIGH

Published: 2024-07-02 | Last Modified: 2024-11-21 | Status: Modified

Description

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS).

Additional Descriptions (1)

La gestión inadecuada de privilegios en Jungo WinDriver anterior a 12.5.1 permite a atacantes locales escalar privilegios, ejecutar código arbitrario o provocar una denegación de servicio (DoS).

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-269

Affected Products

Vendor	Product	Version	Update	Type
jungo	windriver	*	<built-in method update of dict object at 0x7d1ebce41740>	Application
mitsubishielectric	cpu_module_logging_configuration_tool	*	<built-in method update of dict object at 0x7d1ebce40ac0>	Application
mitsubishielectric	cw_configurator	*	<built-in method update of dict object at 0x7d1ebce42940>	Application
mitsubishielectric	data_transfer	*	<built-in method update of dict object at 0x7d1ebce31780>	Application
mitsubishielectric	data_transfer_classic	*	<built-in method update of dict object at 0x7d1ebce41440>	Application
mitsubishielectric	ezsocket	*	<built-in method update of dict object at 0x7d1ebce42f00>	Application
mitsubishielectric	fr_configurator_sw3	*	<built-in method update of dict object at 0x7d1ebce41100>	Application
mitsubishielectric	fr_configurator2	*	<built-in method update of dict object at 0x7d1e5febf540>	Application
mitsubishielectric	genesis64	*	<built-in method update of dict object at 0x7d1ebce41bc0>	Application
mitsubishielectric	gt_got1000	*	<built-in method update of dict object at 0x7d1ebce43c40>	Application
mitsubishielectric	gt_got2000	*	<built-in method update of dict object at 0x7d1e5febfb80>	Application
mitsubishielectric	gt_softgot1000	*	<built-in method update of dict object at 0x7d1ebce41d00>	Application
mitsubishielectric	gt_softgot2000	*	<built-in method update of dict object at 0x7d1e5febe5c0>	Application
mitsubishielectric	gx_developer	*	<built-in method update of dict object at 0x7d1e5febd340>	Application
mitsubishielectric	gx_logviewer	*	<built-in method update of dict object at 0x7d1e5febf080>	Application
mitsubishielectric	gx_works2	*	<built-in method update of dict object at 0x7d1e5febdc40>	Application
mitsubishielectric	gx_works3	*	<built-in method update of dict object at 0x7d1ebce415c0>	Application
mitsubishielectric	iq_works	*	<built-in method update of dict object at 0x7d1ebce42440>	Application
mitsubishielectric	mi_configurator	*	<built-in method update of dict object at 0x7d1ebce43b00>	Application
mitsubishielectric	mr_configurator	*	<built-in method update of dict object at 0x7d1e3571b880>	Application
mitsubishielectric	mr_configurator2	*	<built-in method update of dict object at 0x7d1e5febe840>	Application
mitsubishielectric	mx_component	*	<built-in method update of dict object at 0x7d1ebce42600>	Application
mitsubishielectric	mx_opc_server_da\/ua	*	<built-in method update of dict object at 0x7d1ebce43a80>	Application
mitsubishielectric	numerical_control_device_communication	*	<built-in method update of dict object at 0x7d1ebce401c0>	Application
mitsubishielectric	px_developer\/monitor_tool	*	<built-in method update of dict object at 0x7d1e5febff40>	Application
mitsubishielectric	rt_toolbox3	*	<built-in method update of dict object at 0x7d1e5febf7c0>	Application
mitsubishielectric	rt_visualbox	*	<built-in method update of dict object at 0x7d1ebce33c00>	Application
mitsubishielectric	mrzjw3-mc2-utl_firmware	*	<built-in method update of dict object at 0x7d1ebce43600>	Operating System
mitsubishielectric	sw0dnc-mneth-b_firmware	*	<built-in method update of dict object at 0x7d1ea0cf7e40>	Operating System
mitsubishielectric	sw1dnc-ccbd2-b_firmware	*	<built-in method update of dict object at 0x7d1ebce00d00>	Operating System
mitsubishielectric	sw1dnc-ccief-j_firmware	*	<built-in method update of dict object at 0x7d1ea0cf6900>	Operating System
mitsubishielectric	sw1dnc-ccief-b_firmware	*	<built-in method update of dict object at 0x7d1e64befd00>	Operating System
mitsubishielectric	sw1dnc-mnetg-b_firmware	*	<built-in method update of dict object at 0x7d1ea0cf7240>	Operating System
mitsubishielectric	sw1dnc-qsccf-b_firmware	*	<built-in method update of dict object at 0x7d1ea0cf7300>	Operating System
mitsubishielectric	sw1dnd-emsdk-b_firmware	*	<built-in method update of dict object at 0x7d1ea0cf5180>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:jungo:windriver::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:cw_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer_classic::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:ezsocket::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:genesis64::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_developer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:iq_works::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mi_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_component::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_opc_server_da\/ua::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:numerical_control_device_communication::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:px_developer\/monitor_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_visualbox::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:mrzjw3-mc2-utl_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:mrzjw3-mc2-utl:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw0dnc-mneth-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw0dnc-mneth-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccbd2-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccbd2-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-j_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-j:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-mnetg-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-mnetg-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-qsccf-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-qsccf-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnd-emsdk-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnd-emsdk-b:-:::::::*`

References

https://jungo.com/windriver/versions/
Source: [email protected]

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: [email protected]

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: [email protected]

Third Party Advisory
https://jungo.com/windriver/versions/
Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory