CVE-2024-25086
published 2024-07-02CVE-2024-25086: Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.34%
25.3th percentile
Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jungo | windriver | < 12.2.0 | 12.2.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-98p3-57xf-2q44: Improper privilege management in Jungo WinDriver before 12
ghsa_unreviewed·2024-07-02
CVE-2024-25086 [HIGH] CWE-269 GHSA-98p3-57xf-2q44: Improper privilege management in Jungo WinDriver before 12
Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
CISA ICS
Mitsubishi Electric Multiple FA Engineering Software Products (Update E)
cisa_ics·2026-01-15·CVSS 7.8
[HIGH] Mitsubishi Electric Multiple FA Engineering Software Products (Update E)
ICS Advisory
##
Mitsubishi Electric Multiple FA Engineering Software Products (Update E)
Last RevisedJanuary 15, 2026
Alert CodeICSA-24-135-04
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
Successful exploitation of these vulnerabilities may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition. Additionally, an attacker may gain Windows system privileges and execute arbitrary commands.
The following versions of Mitsubishi Electric Multiple FA Engineering Software Products are affected:
- CPU Module Logging Configuration Tool (CVE-2023-51776, CVE-2023-51777, CVE-2023-51778, CVE-2024-22102, CVE-2024-22103, CVE-2024-22104, CVE-2024-22105, CVE-2024-
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://jungo.com/windriver/versions/https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdfhttps://jungo.com/windriver/versions/https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
2024-07-02
Published