Lucene search

MitreCVE-2024-25088

HistoryJul 02, 2024 - 4:15 p.m.

CVE-2024-25088

2024-07-0216:15:04

CWE-269

mitre

web.nvd.nist.gov

jungo windriver

privilege management

local attackers

escalate privileges

arbitrary code

cve-2024-25088

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.3%

JSON

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.

Affected configurations

Nvd

Node

jungowindriverRange<12.5.1

Node

mitsubishielectriccpu_module_logging_configuration_tool

mitsubishielectriccw_configurator

mitsubishielectricdata_transfer

mitsubishielectricdata_transfer_classic

mitsubishielectricezsocket

mitsubishielectricfr_configurator_sw3

mitsubishielectricfr_configurator2

mitsubishielectricgenesis64

mitsubishielectricgt_got1000

mitsubishielectricgt_got2000

mitsubishielectricgt_softgot1000

mitsubishielectricgt_softgot2000

mitsubishielectricgx_developer

mitsubishielectricgx_logviewer

mitsubishielectricgx_works2

mitsubishielectricgx_works3

mitsubishielectriciq_works

mitsubishielectricmi_configurator

mitsubishielectricmr_configurator

mitsubishielectricmr_configurator2

mitsubishielectricmx_component

mitsubishielectricmx_opc_server_da\/ua

mitsubishielectricnumerical_control_device_communication

mitsubishielectricpx_developer\/monitor_tool

mitsubishielectricrt_toolbox3

mitsubishielectricrt_visualbox

Node

mitsubishielectricmrzjw3-mc2-utl_firmware

AND

mitsubishielectricmrzjw3-mc2-utlMatch-

Node

mitsubishielectricsw0dnc-mneth-b_firmware

AND

mitsubishielectricsw0dnc-mneth-bMatch-

Node

mitsubishielectricsw1dnc-ccbd2-b_firmware

AND

mitsubishielectricsw1dnc-ccbd2-bMatch-

Node

mitsubishielectricsw1dnc-ccief-j_firmware

AND

mitsubishielectricsw1dnc-ccief-jMatch-

Node

mitsubishielectricsw1dnc-ccief-b_firmware

AND

mitsubishielectricsw1dnc-ccief-bMatch-

Node

mitsubishielectricsw1dnc-mnetg-b_firmware

AND

mitsubishielectricsw1dnc-mnetg-bMatch-

Node

mitsubishielectricsw1dnc-qsccf-b_firmware

AND

mitsubishielectricsw1dnc-qsccf-bMatch-

Node

mitsubishielectricsw1dnd-emsdk-b_firmware

AND

mitsubishielectricsw1dnd-emsdk-bMatch-

VendorProductVersionCPE
jungowindriver*cpe:2.3:a:jungo:windriver:*:*:*:*:*:*:*:*
mitsubishielectriccpu_module_logging_configuration_tool*cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:*:*:*:*:*:*:*:*
mitsubishielectriccw_configurator*cpe:2.3:a:mitsubishielectric:cw_configurator:*:*:*:*:*:*:*:*
mitsubishielectricdata_transfer*cpe:2.3:a:mitsubishielectric:data_transfer:*:*:*:*:*:*:*:*
mitsubishielectricdata_transfer_classic*cpe:2.3:a:mitsubishielectric:data_transfer_classic:*:*:*:*:*:*:*:*
mitsubishielectricezsocket*cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*
mitsubishielectricfr_configurator_sw3*cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:*:*:*:*:*:*:*:*
mitsubishielectricfr_configurator2*cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*
mitsubishielectricgenesis64*cpe:2.3:a:mitsubishielectric:genesis64:*:*:*:*:*:*:*:*
mitsubishielectricgt_got1000*cpe:2.3:a:mitsubishielectric:gt_got1000:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jungo	windriver	*	cpe:2.3:a:jungo:windriver::::::::
mitsubishielectric	cpu_module_logging_configuration_tool	*	cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::
mitsubishielectric	cw_configurator	*	cpe:2.3:a:mitsubishielectric:cw_configurator::::::::
mitsubishielectric	data_transfer	*	cpe:2.3:a:mitsubishielectric:data_transfer::::::::
mitsubishielectric	data_transfer_classic	*	cpe:2.3:a:mitsubishielectric:data_transfer_classic::::::::
mitsubishielectric	ezsocket	*	cpe:2.3:a:mitsubishielectric:ezsocket::::::::
mitsubishielectric	fr_configurator_sw3	*	cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::
mitsubishielectric	fr_configurator2	*	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
mitsubishielectric	genesis64	*	cpe:2.3:a:mitsubishielectric:genesis64::::::::
mitsubishielectric	gt_got1000	*	cpe:2.3:a:mitsubishielectric:gt_got1000::::::::

Rows per page:

1-10 of 431

References

jungo.com/windriver/versions/

www.cisa.gov/news-events/ics-advisories/icsa-24-135-04

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.3%

JSON

Related for CVE-2024-25088