CVE-2024-26314 HIGH

Published: 2024-07-02 | Last Modified: 2025-03-21 | Status: Modified

Description

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.

Additional Descriptions (1)

La gestión inadecuada de privilegios en Jungo WinDriver 6.0.0 a 16.1.0 permite a atacantes locales escalar privilegios y ejecutar código arbitrario.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-269

Affected Products

Vendor	Product	Version	Update	Type
jungo	windriver	*	<built-in method update of dict object at 0x7d1e647e07c0>	Application
mitsubishielectric	cpu_module_logging_configuration_tool	*	<built-in method update of dict object at 0x7d1e6523bf00>	Application
mitsubishielectric	cw_configurator	*	<built-in method update of dict object at 0x7d1e65239640>	Application
mitsubishielectric	data_transfer	*	<built-in method update of dict object at 0x7d1e647e1940>	Application
mitsubishielectric	data_transfer_classic	*	<built-in method update of dict object at 0x7d1e647e2bc0>	Application
mitsubishielectric	ezsocket	*	<built-in method update of dict object at 0x7d1e65238400>	Application
mitsubishielectric	fr_configurator_sw3	*	<built-in method update of dict object at 0x7d1e5f74eac0>	Application
mitsubishielectric	fr_configurator2	*	<built-in method update of dict object at 0x7d1e647e3c80>	Application
mitsubishielectric	genesis64	*	<built-in method update of dict object at 0x7d1e65238b00>	Application
mitsubishielectric	gt_got1000	*	<built-in method update of dict object at 0x7d1e647e0b00>	Application
mitsubishielectric	gt_got2000	*	<built-in method update of dict object at 0x7d1e647e0c80>	Application
mitsubishielectric	gt_softgot1000	*	<built-in method update of dict object at 0x7d1e5f8c8240>	Application
mitsubishielectric	gt_softgot2000	*	<built-in method update of dict object at 0x7d1e67eb2100>	Application
mitsubishielectric	gx_developer	*	<built-in method update of dict object at 0x7d1e5f8cbc00>	Application
mitsubishielectric	gx_logviewer	*	<built-in method update of dict object at 0x7d1e5fe91b80>	Application
mitsubishielectric	gx_works2	*	<built-in method update of dict object at 0x7d1e65239740>	Application
mitsubishielectric	gx_works3	*	<built-in method update of dict object at 0x7d1e5f8c8200>	Application
mitsubishielectric	iq_works	*	<built-in method update of dict object at 0x7d1e647e0a80>	Application
mitsubishielectric	mi_configurator	*	<built-in method update of dict object at 0x7d1e6523b200>	Application
mitsubishielectric	mr_configurator	*	<built-in method update of dict object at 0x7d1e5fe91980>	Application
mitsubishielectric	mr_configurator2	*	<built-in method update of dict object at 0x7d1e6523a8c0>	Application
mitsubishielectric	mx_component	*	<built-in method update of dict object at 0x7d1e6523b500>	Application
mitsubishielectric	mx_opc_server_da\/ua	*	<built-in method update of dict object at 0x7d1e5f8c9800>	Application
mitsubishielectric	numerical_control_device_communication	*	<built-in method update of dict object at 0x7d1e5f8c99c0>	Application
mitsubishielectric	px_developer\/monitor_tool	*	<built-in method update of dict object at 0x7d1e6523a880>	Application
mitsubishielectric	rt_toolbox3	*	<built-in method update of dict object at 0x7d1e6dcd5140>	Application
mitsubishielectric	rt_visualbox	*	<built-in method update of dict object at 0x7d1e647e25c0>	Application
mitsubishielectric	mrzjw3-mc2-utl_firmware	*	<built-in method update of dict object at 0x7d1e5f8c9c00>	Operating System
mitsubishielectric	sw0dnc-mneth-b_firmware	*	<built-in method update of dict object at 0x7d1e6523ad40>	Operating System
mitsubishielectric	sw1dnc-ccbd2-b_firmware	*	<built-in method update of dict object at 0x7d1e647e2dc0>	Operating System
mitsubishielectric	sw1dnc-ccief-j_firmware	*	<built-in method update of dict object at 0x7d1e5f8cad80>	Operating System
mitsubishielectric	sw1dnc-ccief-b_firmware	*	<built-in method update of dict object at 0x7d1e647e2280>	Operating System
mitsubishielectric	sw1dnc-mnetg-b_firmware	*	<built-in method update of dict object at 0x7d1e5f8cb240>	Operating System
mitsubishielectric	sw1dnc-qsccf-b_firmware	*	<built-in method update of dict object at 0x7d1e6523b780>	Operating System
mitsubishielectric	sw1dnd-emsdk-b_firmware	*	<built-in method update of dict object at 0x7d1e6523bb00>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:jungo:windriver::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:cw_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:data_transfer_classic::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:ezsocket::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:genesis64::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_got2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_developer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:gx_works3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:iq_works::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mi_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_component::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:mx_opc_server_da\/ua::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:numerical_control_device_communication::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:px_developer\/monitor_tool::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::`
Yes	`cpe:2.3:a:mitsubishielectric:rt_visualbox::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:mrzjw3-mc2-utl_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:mrzjw3-mc2-utl:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw0dnc-mneth-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw0dnc-mneth-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccbd2-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccbd2-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-j_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-j:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-mnetg-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-mnetg-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnc-qsccf-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnc-qsccf-b:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:mitsubishielectric:sw1dnd-emsdk-b_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:mitsubishielectric:sw1dnd-emsdk-b:-:::::::*`

References

https://jungo.com/windriver/versions/
Source: [email protected]

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: [email protected]

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: [email protected]

Third Party Advisory
https://jungo.com/windriver/versions/
Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory