CVE-2024-22104

Published: Jul 2, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Affected (35)

Products: Jungo: Windriver · Mitsubishielectric: Cpu Module Logging Configuration Tool, Cw Configurator, Data Transfer, Data Transfer Classic, Ezsocket, Fr Configurator2, Fr Configurator Sw3, Genesis64, Gt Got1000, Gt Got2000, Gt Softgot1000, Gt Softgot2000, Gx Developer, Gx Logviewer, Gx Works2, Gx Works3, Iq Works, Mi Configurator, Mr Configurator, Mr Configurator2, Mx Component, Mx Opc Server Da/ua, Numerical Control Device Communication, Px Developer/monitor Tool, Rt Toolbox3, Rt Visualbox, Mrzjw3 Mc2 Utl Firmware, Sw0dnc Mneth B Firmware, Sw1dnc Ccbd2 B Firmware, Sw1dnc Ccief J Firmware, Sw1dnc Ccief B Firmware, Sw1dnc Mnetg B Firmware, Sw1dnc Qsccf B Firmware, Sw1dnd Emsdk B Firmware

Jungo

1 product

Windriver

Mitsubishielectric

34 products

Cpu Module Logging Configuration Tool

Cw Configurator

Data Transfer

Data Transfer Classic

Numerical Control Device Communication

Px Developer/monitor Tool

Rt Toolbox3

Rt Visualbox

Mrzjw3 Mc2 Utl Firmware

Sw0dnc Mneth B Firmware

Sw1dnc Ccbd2 B Firmware

Sw1dnc Ccief J Firmware

Sw1dnc Ccief B Firmware

Sw1dnc Mnetg B Firmware

Sw1dnc Qsccf B Firmware

Sw1dnd Emsdk B Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jungo Windriver	Before 12.5.1

Configuration B

26 vulnerable

Vulnerable Software	Affected Versions
Mitsubishielectric Cpu Module Logging Configuration Tool	All versions
Mitsubishielectric Cw Configurator	All versions
Mitsubishielectric Data Transfer	All versions
Mitsubishielectric Data Transfer Classic	All versions
Mitsubishielectric Ezsocket	All versions
Mitsubishielectric Fr Configurator2	All versions
Mitsubishielectric Fr Configurator Sw3	All versions
Mitsubishielectric Genesis64	All versions
Mitsubishielectric Gt Got1000	All versions
Mitsubishielectric Gt Got2000	All versions
Mitsubishielectric Gt Softgot1000	All versions
Mitsubishielectric Gt Softgot2000	All versions
Mitsubishielectric Gx Developer	All versions
Mitsubishielectric Gx Logviewer	All versions
Mitsubishielectric Gx Works2	All versions
Mitsubishielectric Gx Works3	All versions
Mitsubishielectric Iq Works	All versions
Mitsubishielectric Mi Configurator	All versions
Mitsubishielectric Mr Configurator	All versions
Mitsubishielectric Mr Configurator2	All versions
Mitsubishielectric Mx Component	All versions
Mitsubishielectric Mx Opc Server Da/ua	All versions
Mitsubishielectric Numerical Control Device Communication	All versions
Mitsubishielectric Px Developer/monitor Tool	All versions
Mitsubishielectric Rt Toolbox3	All versions
Mitsubishielectric Rt Visualbox	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Mrzjw3 Mc2 Utl Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Mrzjw3 Mc2 Utl	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Sw0dnc Mneth B Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Sw0dnc Mneth B	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Sw1dnc Ccbd2 B Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Sw1dnc Ccbd2 B	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Sw1dnc Ccief J Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Sw1dnc Ccief J	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Sw1dnc Ccief B Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Sw1dnc Ccief B	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Sw1dnc Mnetg B Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Sw1dnc Mnetg B	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Sw1dnc Qsccf B Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Sw1dnc Qsccf B	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Sw1dnd Emsdk B Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Sw1dnd Emsdk B	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://jungo.com/windriver/versions/

Source: cve@mitre.org

Release Notes

https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf

Source: cve@mitre.org

Third Party Advisory

https://jungo.com/windriver/versions/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.