IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Mitsubishi Electric Multiple FA Engineering Software Products (Update E)

MEDIUM
CVSS 6.0
Date 2026-06-09T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Multiple vulnerabilities due to vulnerabilities in Jungo's WinDriver in multiple FA engineering software products. Successful exploitation of these vulnerabilities may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition and/or to gain Windows system privileges and execute arbitrary commands.

// Vulnerabilities (12)

CVE ID CVSS Score Severity Description
CVE-2024-25086 4.4 medium
A privilege escalation vulnerability due to improper privilege management caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to escalate Windows system privileges and execute arbitrary commands.
CVE-2024-22102 4.4 medium
A denial-of-service vulnerability due to uncontrolled resource consumption caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition.
CVE-2024-25087 4.4 medium
A denial-of-service vulnerability due to uncontrolled resource consumption caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition.
CVE-2024-22105 4.4 medium
A denial-of-service vulnerability due to uncontrolled resource consumption caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition.
CVE-2023-51778 4.4 medium
A denial-of-service vulnerability due to an out-of-bounds write caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition.
CVE-2023-51776 4.4 medium
A privilege escalation vulnerability due to improper privilege management caused by a vulnerability in Jungo's WinDriver exists in multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to escalate Windows system privileges and execute arbitrary commands.
CVE-2024-22106 6.0 medium
A privilege escalation and denial-of-service vulnerability due to improper privilege management caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition and/or to escalate Windows system privileges and execute arbitrary commands.
CVE-2023-51777 4.4 medium
A denial-of-service vulnerability due to uncontrolled resource consumption caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition.
CVE-2024-22103 4.4 medium
A denial-of-service vulnerability due to an out-of-bounds write caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition.
CVE-2024-22104 4.4 medium
A denial-of-service vulnerability due to an out-of-bounds write caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition.
CVE-2024-25088 4.4 medium
A privilege escalation vulnerability due to improper privilege management caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to escalate Windows system privileges and execute arbitrary commands.
CVE-2024-26314 4.4 medium
A privilege escalation vulnerability due to improper privilege management caused by a vulnerability in Jungo's WinDriver exists in the multiple FA engineering software products. If a malicious code is executed on a computer where the affected software product is installed, this vulnerability may allow a local attacker to escalate Windows system privileges and execute arbitrary commands.

// Affected Products (3)

Vendor Product Asset Type Purdue Level Firmware
Mitsubishi Electric Iconics Digital Solutions Unknown scada_server
L2
10.97.2
Mitsubishi Electric Unknown scada_server
L2
10.97.2
Mitsubishi Electric Unknown scada_server
L2
--

// Remediations (39)

Mitigation: For users of products that do not have a fixed version or who cannot immediately update the product,
For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend installing antivirus software in your computer with the affected product installed, to minimize the risk of exploiting this vulnerability.
Mitigation: For users of products that do not have a fixed version or who cannot immediately update the product,
For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend preventing the user from clicking on web links in emails from untrusted sources, or from opening attachments in untrusted emails, to minimize the risk of exploiting this vulnerability.
Patch: Mitsubishi Electric Iconics Digital Solutions is releasing GENESIS version 11 or later which is a su
Mitsubishi Electric Iconics Digital Solutions is releasing GENESIS version 11 or later which is a successor product to ICONICS Suite. Download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads" and install it. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at "https://iconics.com/about/security/cert".
Mitigation: Don't open untrusted files or click untrusted links.
Don't open untrusted files or click untrusted links.
Mitigation: For users of products that do not have a fixed version or who cannot immediately update the product,
For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric and Mitsubishi Electric Iconics Digital Solutions recommend restricting physical access to the PC with the affected product installed, to minimize the risk of exploiting this vulnerability.
Patch: Mitsubishi Electric is releasing fixed version 1.025B or later for MELSOFT EM Software Development K
Mitsubishi Electric is releasing fixed version 1.025B or later for MELSOFT EM Software Development Kit (SW1DND-EMSDK-B). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 2.50C or later for RT ToolBox3. Download the fixed ve
Mitsubishi Electric is releasing fixed version 2.50C or later for RT ToolBox3. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.315D or later for GT Designer3 Version1 (GOT1000).
Mitsubishi Electric is releasing fixed version 1.315D or later for GT Designer3 Version1 (GOT1000). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 37P or later for MELSECNET/H Interface Board software
Mitsubishi Electric is releasing fixed version 37P or later for MELSECNET/H Interface Board software package (SW0DNC-MNETH-B). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 5.A or later for EZSocket. Mitsubishi Electric does n
Mitsubishi Electric is releasing fixed version 5.A or later for EZSocket. Mitsubishi Electric does not provide downloadable updates for the product. Contact your place of purchase for assistance. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.320J or later for GT Designer3 Version1 (GOT2000).
Mitsubishi Electric is releasing fixed version 1.320J or later for GT Designer3 Version1 (GOT2000). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.110Q or later for GX Works3. Download the fixed ver
Mitsubishi Electric is releasing fixed version 1.110Q or later for GX Works3. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.160S or later for GX LogViewer. Download the fixed
Mitsubishi Electric is releasing fixed version 1.160S or later for GX LogViewer. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing GENESIS version 11 or later which is a successor product to GENESIS
Mitsubishi Electric is releasing GENESIS version 11 or later which is a successor product to GENESIS64. Download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing GENESIS version 11 or later which is a successor product to ICONICS
Mitsubishi Electric is releasing GENESIS version 11 or later which is a successor product to ICONICS Suite. Download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.625B or later for GX Works2. Download the fixed ver
Mitsubishi Electric is releasing fixed version 1.625B or later for GX Works2. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 2.6 or later for CSGL (GX Works2 connection configura
Mitsubishi Electric is releasing fixed version 2.6 or later for CSGL (GX Works2 connection configuration). Mitsubishi Electric does not provide downloadable updates for the product. Contact your place of purchase for assistance. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 5.008J or later for MX Component. Download the fixed
Mitsubishi Electric is releasing fixed version 5.008J or later for MX Component. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 2.20 or later for C Controller Interface Module utili
Mitsubishi Electric is releasing fixed version 2.20 or later for C Controller Interface Module utility (SW1DNC-QSCCF-B). Mitsubishi Electric does not provide downloadable updates for the product. Contact your place of purchase for assistance. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.155M or later for MR Configurator2. Download the fi
Mitsubishi Electric is releasing fixed version 1.155M or later for MR Configurator2. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 4.15R or later for Setting/monitoring tools for the C
Mitsubishi Electric is releasing fixed version 4.15R or later for Setting/monitoring tools for the C Controller module (SW4PVC-CCPU). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.32J or later for CC-Link IE Controller Network Inte
Mitsubishi Electric is releasing fixed version 1.32J or later for CC-Link IE Controller Network Interface Board software package (SW1DNC-MNETG-B). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 2.106L or later for iQ Works (MELSOFT Navigator). Dow
Mitsubishi Electric is releasing fixed version 2.106L or later for iQ Works (MELSOFT Navigator). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version A9 or later for Mitsubishi Electric Numerical Control
Mitsubishi Electric is releasing fixed version A9 or later for Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 3.59M or later for Data Transfer. Download the fixed
Mitsubishi Electric is releasing fixed version 3.59M or later for Data Transfer. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.01B or later for Data Transfer Classic. Download th
Mitsubishi Electric is releasing fixed version 1.01B or later for Data Transfer Classic. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.33K or later for FR Configurator2. Download the fix
Mitsubishi Electric is releasing fixed version 1.33K or later for FR Configurator2. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 3.315D or later for GT SoftGOT1000 Version3. Download
Mitsubishi Electric is releasing fixed version 3.315D or later for GT SoftGOT1000 Version3. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.020W or later for CW Configurator. Download the fix
Mitsubishi Electric is releasing fixed version 1.020W or later for CW Configurator. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.19V or later for CC-Link IE Field Network Interface
Mitsubishi Electric is releasing fixed version 1.19V or later for CC-Link IE Field Network Interface Board software package (SW1DNC-CCIEF-J). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.12N or later for RT VisualBox. Download the fixed v
Mitsubishi Electric is releasing fixed version 1.12N or later for RT VisualBox. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.59M or later for PX Developer/Monitor Tool. Downloa
Mitsubishi Electric is releasing fixed version 1.59M or later for PX Developer/Monitor Tool. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.205P or later for MT Works2. Download the fixed ver
Mitsubishi Electric is releasing fixed version 1.205P or later for MT Works2. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.19V or later for CC-Link IE Field Network Interface
Mitsubishi Electric is releasing fixed version 1.19V or later for CC-Link IE Field Network Interface Board software package (SW1DNC-CCIEF-B). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.160S or later for CPU Module Logging Configuration
Mitsubishi Electric is releasing fixed version 1.160S or later for CPU Module Logging Configuration Tool. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.320J or later for GT SoftGOT2000 Version1. Download
Mitsubishi Electric is releasing fixed version 1.320J or later for GT SoftGOT2000 Version1. Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 3.50 or later for Position Board Utility2 (MRZJW3-MC2
Mitsubishi Electric is releasing fixed version 3.50 or later for Position Board Utility2 (MRZJW3-MC2-UTL). Mitsubishi Electric does not provide downloadable updates for the product. Contact your place of purchase for assistance. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric is releasing fixed version 1.26C or later for CC-Link System Master/Local Interf
Mitsubishi Electric is releasing fixed version 1.26C or later for CC-Link System Master/Local Interface Board software package (SW1DNC-CCBD2-B). Download the fixed version from the link "https://www.mitsubishielectric.com/fa/download/index.html" and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-001_en.pdf".
Patch: Mitsubishi Electric Iconics Digital Solutions is releasing GENESIS version 11 or later which is a su
Mitsubishi Electric Iconics Digital Solutions is releasing GENESIS version 11 or later which is a successor product to GENESIS64. Download the fixed version from the link "https://iconicsinc.my.site.com/community/s/resource-center/product-downloads" and install it. For more information on the fixed version, refer to the Mitsubishi Electric Iconics Digital Solutions whitepaper on security vulnerabilities which can be found at "https://iconics.com/about/security/cert".

// References