CVE-2024-25088 HIGH

Published: 2024-07-02 | Last Modified: 2024-11-21 | Status: Modified

Description

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.

Additional Descriptions (1)

La gestión inadecuada de privilegios en Jungo WinDriver anterior a 12.5.1 permite a atacantes locales escalar privilegios y ejecutar código arbitrario.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-269

Affected Products

Vendor	Product	Version	Update	Type
jungo	windriver	*	<built-in method update of dict object at 0x7d1e5fea51c0>	Application
mitsubishielectric	cpu_module_logging_configuration_tool	*	<built-in method update of dict object at 0x7d1e54f9a400>	Application
mitsubishielectric	cw_configurator	*	<built-in method update of dict object at 0x7d1e54f99740>	Application
mitsubishielectric	data_transfer	*	<built-in method update of dict object at 0x7d1e5feffa00>	Application
mitsubishielectric	data_transfer_classic	*	<built-in method update of dict object at 0x7d1e5fe26e80>	Application
mitsubishielectric	ezsocket	*	<built-in method update of dict object at 0x7d1e5fe27640>	Application
mitsubishielectric	fr_configurator_sw3	*	<built-in method update of dict object at 0x7d1e54f98240>	Application
mitsubishielectric	fr_configurator2	*	<built-in method update of dict object at 0x7d1e54f9b240>	Application
mitsubishielectric	genesis64	*	<built-in method update of dict object at 0x7d1eb48ef200>	Application
mitsubishielectric	gt_got1000	*	<built-in method update of dict object at 0x7d1e5fe273c0>	Application
mitsubishielectric	gt_got2000	*	<built-in method update of dict object at 0x7d1e54f9bcc0>	Application
mitsubishielectric	gt_softgot1000	*	<built-in method update of dict object at 0x7d1e54f9aa00>	Application
mitsubishielectric	gt_softgot2000	*	<built-in method update of dict object at 0x7d1e54f9a900>	Application
mitsubishielectric	gx_developer	*	<built-in method update of dict object at 0x7d1e54f99b00>	Application
mitsubishielectric	gx_logviewer	*	<built-in method update of dict object at 0x7d1e54f98ac0>	Application
mitsubishielectric	gx_works2	*	<built-in method update of dict object at 0x7d1e64bc9b00>	Application
mitsubishielectric	gx_works3	*	<built-in method update of dict object at 0x7d1e54f9afc0>	Application
mitsubishielectric	iq_works	*	<built-in method update of dict object at 0x7d1e5fea5f80>	Application
mitsubishielectric	mi_configurator	*	<built-in method update of dict object at 0x7d1e6c9bbc80>	Application
mitsubishielectric	mr_configurator	*	<built-in method update of dict object at 0x7d1e54f9a480>	Application
mitsubishielectric	mr_configurator2	*	<built-in method update of dict object at 0x7d1e5fed58c0>	Application
mitsubishielectric	mx_component	*	<built-in method update of dict object at 0x7d1e54f98400>	Application
mitsubishielectric	mx_opc_server_da\/ua	*	<built-in method update of dict object at 0x7d1e54f99ec0>	Application
mitsubishielectric	numerical_control_device_communication	*	<built-in method update of dict object at 0x7d1ea3c99c00>	Application
mitsubishielectric	px_developer\/monitor_tool	*	<built-in method update of dict object at 0x7d1eb48ecac0>	Application
mitsubishielectric	rt_toolbox3	*	<built-in method update of dict object at 0x7d1e5fea4b40>	Application
mitsubishielectric	rt_visualbox	*	<built-in method update of dict object at 0x7d1e54f9a380>	Application
mitsubishielectric	mrzjw3-mc2-utl_firmware	*	<built-in method update of dict object at 0x7d1e54f9a880>	Operating System
mitsubishielectric	sw0dnc-mneth-b_firmware	*	<built-in method update of dict object at 0x7d1e54f988c0>	Operating System
mitsubishielectric	sw1dnc-ccbd2-b_firmware	*	<built-in method update of dict object at 0x7d1e54f98bc0>	Operating System
mitsubishielectric	sw1dnc-ccief-j_firmware	*	<built-in method update of dict object at 0x7d1e54f99880>	Operating System
mitsubishielectric	sw1dnc-ccief-b_firmware	*	<built-in method update of dict object at 0x7d1e54f9ad40>	Operating System
mitsubishielectric	sw1dnc-mnetg-b_firmware	*	<built-in method update of dict object at 0x7d1ea3ecc480>	Operating System
mitsubishielectric	sw1dnc-qsccf-b_firmware	*	<built-in method update of dict object at 0x7d1e5f74d900>	Operating System
mitsubishielectric	sw1dnd-emsdk-b_firmware	*	<built-in method update of dict object at 0x7d1ea3c9bf00>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:jungo:windriver::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:cw_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer_classic::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:ezsocket::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:genesis64::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_developer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:iq_works::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mi_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_component::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_opc_server_da\/ua::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:numerical_control_device_communication::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:px_developer\/monitor_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_visualbox::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:mrzjw3-mc2-utl_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:mrzjw3-mc2-utl:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw0dnc-mneth-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw0dnc-mneth-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccbd2-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccbd2-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-j_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-j:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-mnetg-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-mnetg-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-qsccf-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-qsccf-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnd-emsdk-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnd-emsdk-b:-:::::::*`

References

https://jungo.com/windriver/versions/
Source: [email protected]

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: [email protected]

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: [email protected]

Third Party Advisory
https://jungo.com/windriver/versions/
Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory