Severity
Medium
Analysis Summary
CVE-2024-22106 CVSS:6
Mitsubishi Electric Multiple FA Engineering Software Products could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an local attacker could exploit this vulnerability to gain Windows system privileges and execute arbitrary commands.
CVE-2024-26314, CVE-2024-25088, CVE-2023-51776, CVE-2024-25086
Mitsubishi Electric Multiple FA Engineering Software Products could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an local attacker could exploit this vulnerability to gain Windows system privileges and execute arbitrary commands.
CVE-2024-25087, CVE-2024-22102, CVE-2024-22105
Mitsubishi Electric Multiple FA Engineering Software Products is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVE-2024-22104, CVE-2024-22103, CVE-2023-51778
Mitsubishi Electric Multiple FA Engineering Software Products is vulnerable to a denial of service, caused by out-of-bounds write. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
Impact
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-22106
- CVE-2024-26314
- CVE-2024-25088
- CVE-2023-51776
- CVE-2024-25086
- CVE-2024-25087
- CVE-2024-22102
- CVE-2024-22105
- CVE-2024-22104
- CVE-2024-22103
- CVE-2023-51778
Affected Vendors
Affected Products
- Mitsubishi Electric FR Configurator2
- Mitsubishi Electric MI Configurator
- Mitsubishi Electric MX Component
- Mitsubishi Electric Data Transfer
- Mitsubishi Electric FR Configurator SW3
- Mitsubishi Electric GT Designer3 Version1 (GOT1000)
- Mitsubishi Electric GT Designer3 Version1 (GOT2000)
- Mitsubishi Electric GT SoftGOT1000 Version3
- Mitsubishi Electric GT SoftGOT2000 Version1
- Mitsubishi Electric GX Works2
- Mitsubishi Electric RT ToolBox3
- Mitsubishi Electric GX Works3
- Mitsubishi Electric CPU Module Logging Configuration Tool
- Mitsubishi Electric CSGL (GX Works2 connection configuration)
- Mitsubishi Electric CW Configurator
- Mitsubishi Electric Data Transfer Classic
- Mitsubishi Electric EZSocket (communication middleware product for Mitsubishi Electric partner companies)
- Mitsubishi Electric GENESIS64
- Mitsubishi Electric GX Developer
- Mitsubishi Electric GX LogViewer
- Mitsubishi Electric iQ Works (MELSOFT Navigator)
- Mitsubishi Electric Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224)
- Mitsubishi Electric MR Configurator (SETUP221)
- Mitsubishi Electric MRZJW3-MC2-UTL
- Mitsubishi Electric MX OPC Server DA/UA (Software packaged with MC Works64)
- Mitsubishi Electric PX Developer/Monitor Tool:
- Mitsubishi Electric RT VisualBox
- Mitsubishi Electric Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)
- Mitsubishi Electric SW0DNC-MNETH-B
- Mitsubishi Electric SW1DNC-CCBD2-B
- Mitsubishi Electric SW1DNC-CCIEF-J
- Mitsubishi Electric SW1DNC-CCIEF-B
- Mitsubishi Electric SW1DNC-MNETG-B
- Mitsubishi Electric SW1DNC-QSCCF-B
- Mitsubishi Electric SW1DND-EMSDK-B
Remediation
Refer to Mitsubishi Electric Security Advisory for patch, upgrade or suggested workaround information.