CVE-2023-51776

Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jungo.com/windriver/versions/	Release Notes
https://jungo.com/windriver/versions/	Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04	Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04	Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jungo:windriver:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::
	cpe:2.3:a:mitsubishielectric:cw_configurator::::::::
	cpe:2.3:a:mitsubishielectric:data_transfer::::::::
	cpe:2.3:a:mitsubishielectric:ezsocket::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator_sw3::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:gt_got1000::::::::
	cpe:2.3:a:mitsubishielectric:gt_got2000::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::
	cpe:2.3:a:mitsubishielectric:gx_developer::::::::
	cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::
	cpe:2.3:a:mitsubishielectric:mi_configurator::::::::
	cpe:2.3:a:mitsubishielectric:mx_component::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works2::::::::
	cpe:2.3:a:mitsubishielectric:data_transfer_classic::::::::
	cpe:2.3:a:mitsubishielectric:genesis64::::::::
	cpe:2.3:a:mitsubishielectric:iq_works::::::::
	cpe:2.3:a:mitsubishielectric:numerical_control_device_communication::::::::
	cpe:2.3:a:mitsubishielectric:mr_configurator::::::::
	cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:mx_opc_server_da\/ua::::::::
	cpe:2.3:a:mitsubishielectric:px_developer\/monitor_tool::::::::
	cpe:2.3:a:mitsubishielectric:rt_visualbox::::::::

Configuration 3 (hide)

AND

cpe:2.3:o:mitsubishielectric:mrzjw3-mc2-utl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:mrzjw3-mc2-utl:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:mitsubishielectric:sw0dnc-mneth-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw0dnc-mneth-b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:mitsubishielectric:sw1dnc-ccbd2-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnc-ccbd2-b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-j_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-j:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-b:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:mitsubishielectric:sw1dnc-mnetg-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnc-mnetg-b:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:mitsubishielectric:sw1dnc-qsccf-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnc-qsccf-b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:mitsubishielectric:sw1dnd-emsdk-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnd-emsdk-b:-:*:*:*:*:*:*:*

History

05 Jul 2024, 15:56

Type	Values Removed	Values Added
References	~~() https://jungo.com/windriver/versions/ -~~	() https://jungo.com/windriver/versions/ - Release Notes
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf -~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf - Third Party Advisory
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:mitsubishielectric:fr_configurator_sw3:::::::: cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool:::::::: cpe:2.3:a:mitsubishielectric:px_developer\/monitor_tool:::::::: cpe:2.3:a:jungo:windriver:::::::: cpe:2.3:a:mitsubishielectric:genesis64:::::::: cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-b_firmware:::::::: cpe:2.3:a:mitsubishielectric:mi_configurator:::::::: cpe:2.3:a:mitsubishielectric:gt_softgot1000:::::::: cpe:2.3:a:mitsubishielectric:mx_opc_server_da\/ua:::::::: cpe:2.3:a:mitsubishielectric:gx_works2:::::::: cpe:2.3:a:mitsubishielectric:rt_toolbox3:::::::: cpe:2.3:h:mitsubishielectric:sw1dnc-mnetg-b:-:::::::* cpe:2.3:o:mitsubishielectric:sw1dnd-emsdk-b_firmware:::::::: cpe:2.3:o:mitsubishielectric:sw1dnc-ccief-j_firmware:::::::: cpe:2.3:a:mitsubishielectric:gx_developer:::::::: cpe:2.3:h:mitsubishielectric:sw1dnc-qsccf-b:-:::::::* cpe:2.3:a:mitsubishielectric:mx_component:::::::: cpe:2.3:a:mitsubishielectric:gt_got1000:::::::: cpe:2.3:a:mitsubishielectric:gx_works3:::::::: cpe:2.3:h:mitsubishielectric:mrzjw3-mc2-utl:-:::::::* cpe:2.3:a:mitsubishielectric:numerical_control_device_communication:::::::: cpe:2.3:a:mitsubishielectric:mr_configurator2:::::::: cpe:2.3:o:mitsubishielectric:mrzjw3-mc2-utl_firmware:::::::: cpe:2.3:a:mitsubishielectric:cw_configurator:::::::: cpe:2.3:a:mitsubishielectric:gt_softgot2000:::::::: cpe:2.3:h:mitsubishielectric:sw0dnc-mneth-b:-:::::::* cpe:2.3:o:mitsubishielectric:sw1dnc-ccbd2-b_firmware:::::::: cpe:2.3:a:mitsubishielectric:data_transfer:::::::: cpe:2.3:o:mitsubishielectric:sw1dnc-qsccf-b_firmware:::::::: cpe:2.3:a:mitsubishielectric:gt_got2000:::::::: cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-b:-:::::::* cpe:2.3:h:mitsubishielectric:sw1dnd-emsdk-b:-:::::::* cpe:2.3:h:mitsubishielectric:sw1dnc-ccief-j:-:::::::* cpe:2.3:o:mitsubishielectric:sw0dnc-mneth-b_firmware:::::::: cpe:2.3:o:mitsubishielectric:sw1dnc-mnetg-b_firmware:::::::: cpe:2.3:a:mitsubishielectric:data_transfer_classic:::::::: cpe:2.3:a:mitsubishielectric:mr_configurator:::::::: cpe:2.3:a:mitsubishielectric:fr_configurator2:::::::: cpe:2.3:a:mitsubishielectric:rt_visualbox:::::::: cpe:2.3:h:mitsubishielectric:sw1dnc-ccbd2-b:-:::::::* cpe:2.3:a:mitsubishielectric:iq_works:::::::: cpe:2.3:a:mitsubishielectric:ezsocket:::::::: cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::
First Time		Mitsubishielectric ezsocket Mitsubishielectric sw1dnc-ccief-b Mitsubishielectric sw1dnc-ccbd2-b Mitsubishielectric cw Configurator Mitsubishielectric sw1dnc-mnetg-b Firmware Mitsubishielectric gt Softgot2000 Mitsubishielectric gt Got2000 Mitsubishielectric sw0dnc-mneth-b Jungo Mitsubishielectric sw1dnc-mnetg-b Mitsubishielectric gx Developer Mitsubishielectric sw1dnc-ccief-j Mitsubishielectric cpu Module Logging Configuration Tool Mitsubishielectric gx Logviewer Mitsubishielectric genesis64 Mitsubishielectric sw1dnc-qsccf-b Firmware Mitsubishielectric sw1dnc-qsccf-b Mitsubishielectric fr Configurator Sw3 Mitsubishielectric rt Visualbox Mitsubishielectric gt Got1000 Mitsubishielectric mr Configurator2 Mitsubishielectric data Transfer Mitsubishielectric iq Works Mitsubishielectric sw1dnd-emsdk-b Firmware Mitsubishielectric mr Configurator Mitsubishielectric Mitsubishielectric mx Opc Server Da\/ua Mitsubishielectric mrzjw3-mc2-utl Firmware Mitsubishielectric gx Works3 Mitsubishielectric sw0dnc-mneth-b Firmware Mitsubishielectric gx Works2 Mitsubishielectric sw1dnd-emsdk-b Mitsubishielectric px Developer\/monitor Tool Mitsubishielectric fr Configurator2 Mitsubishielectric sw1dnc-ccbd2-b Firmware Mitsubishielectric rt Toolbox3 Mitsubishielectric sw1dnc-ccief-b Firmware Mitsubishielectric gt Softgot1000 Mitsubishielectric mrzjw3-mc2-utl Mitsubishielectric numerical Control Device Communication Mitsubishielectric mi Configurator Mitsubishielectric data Transfer Classic Mitsubishielectric mx Component Jungo windriver Mitsubishielectric sw1dnc-ccief-j Firmware
CWE		NVD-CWE-noinfo

02 Jul 2024, 17:44

Type	Values Removed	Values Added
Summary	~~Improper privilege management in Jungo WinDriver 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.~~	Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.

02 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-02 15:15

Updated : 2025-03-13 20:15

NVD link : CVE-2023-51776

Mitre link : CVE-2023-51776

JSON object : View

Products Affected

mitsubishielectric

gx_works2
sw1dnc-mnetg-b_firmware
sw1dnc-mnetg-b
gx_works3
mrzjw3-mc2-utl_firmware
gx_logviewer
data_transfer_classic
sw0dnc-mneth-b_firmware
rt_toolbox3
sw1dnc-ccief-j
sw1dnc-qsccf-b_firmware
gt_softgot2000
sw1dnc-ccbd2-b
sw1dnc-ccief-b_firmware
genesis64
data_transfer
numerical_control_device_communication
rt_visualbox
cpu_module_logging_configuration_tool
sw1dnc-qsccf-b
mr_configurator
sw1dnd-emsdk-b
sw0dnc-mneth-b
sw1dnc-ccief-j_firmware
sw1dnc-ccbd2-b_firmware
mi_configurator
mx_component
sw1dnd-emsdk-b_firmware
gx_developer
iq_works
px_developer\/monitor_tool
gt_got2000
cw_configurator
mr_configurator2
sw1dnc-ccief-b
mx_opc_server_da\/ua
mrzjw3-mc2-utl
fr_configurator2
ezsocket
gt_got1000
gt_softgot1000
fr_configurator_sw3

jungo

windriver

CWE

NVD-CWE-noinfo

7.8 /10