Analysis Summary

CVE-2024-22106 CVSS:6

Mitsubishi Electric Multiple FA Engineering Software Products could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an local attacker could exploit this vulnerability to gain Windows system privileges and execute arbitrary commands.

CVE-2024-26314, CVE-2024-25088, CVE-2023-51776, CVE-2024-25086

Mitsubishi Electric Multiple FA Engineering Software Products could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an local attacker could exploit this vulnerability to gain Windows system privileges and execute arbitrary commands.

CVE-2024-25087, CVE-2024-22102, CVE-2024-22105

Mitsubishi Electric Multiple FA Engineering Software Products is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash.

CVE-2024-22104, CVE-2024-22103, CVE-2023-51778

Mitsubishi Electric Multiple FA Engineering Software Products is vulnerable to a denial of service, caused by out-of-bounds write. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash.

Impact

• Denial of Service
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2024-22106
• CVE-2024-26314
• CVE-2024-25088
• CVE-2023-51776
• CVE-2024-25086
• CVE-2024-25087
• CVE-2024-22102
• CVE-2024-22105
• CVE-2024-22104
• CVE-2024-22103
• CVE-2023-51778

Affected Vendors

Affected Products

• Mitsubishi Electric FR Configurator2
• Mitsubishi Electric MI Configurator
• Mitsubishi Electric MX Component
• Mitsubishi Electric Data Transfer
• Mitsubishi Electric FR Configurator SW3
• Mitsubishi Electric GT Designer3 Version1 (GOT1000)
• Mitsubishi Electric GT Designer3 Version1 (GOT2000)
• Mitsubishi Electric GT SoftGOT1000 Version3
• Mitsubishi Electric GT SoftGOT2000 Version1
• Mitsubishi Electric GX Works2
• Mitsubishi Electric RT ToolBox3
• Mitsubishi Electric GX Works3
• Mitsubishi Electric CPU Module Logging Configuration Tool
• Mitsubishi Electric CSGL (GX Works2 connection configuration)
• Mitsubishi Electric CW Configurator
• Mitsubishi Electric Data Transfer Classic
• Mitsubishi Electric EZSocket (communication middleware product for Mitsubishi Electric partner companies)
• Mitsubishi Electric GENESIS64
• Mitsubishi Electric GX Developer
• Mitsubishi Electric GX LogViewer
• Mitsubishi Electric iQ Works (MELSOFT Navigator)
• Mitsubishi Electric Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224)
• Mitsubishi Electric MR Configurator (SETUP221)
• Mitsubishi Electric MRZJW3-MC2-UTL
• Mitsubishi Electric MX OPC Server DA/UA (Software packaged with MC Works64)
• Mitsubishi Electric PX Developer/Monitor Tool:
• Mitsubishi Electric RT VisualBox
• Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)
• Mitsubishi Electric SW0DNC-MNETH-B
• Mitsubishi Electric SW1DNC-CCBD2-B
• Mitsubishi Electric SW1DNC-CCIEF-J
• Mitsubishi Electric SW1DNC-CCIEF-B
• Mitsubishi Electric SW1DNC-MNETG-B
• Mitsubishi Electric SW1DNC-QSCCF-B
• Mitsubishi Electric SW1DND-EMSDK-B

Remediation

Refer to Mitsubishi Electric Security Advisory for patch, upgrade or suggested workaround information.

Mitsubishi Electric Security Advisory