Login Sign Up

CVE-2023-51778

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in Jungo WinDriver that allows local attackers to trigger a Windows blue screen error, causing a denial of service. The vulnerability affects systems running WinDriver versions before 12.1.0, primarily impacting industrial control systems and embedded devices that use this driver development toolkit.

💻 Affected Systems

Products:
  • Jungo WinDriver
Versions: All versions before 12.1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects industrial control systems and embedded devices using WinDriver for hardware communication. The vulnerability requires local access to the system.

📦 What is this software?

Cpu Module Logging Configuration Tool by Mitsubishielectric

View all CVEs affecting Cpu Module Logging Configuration Tool →

Cw Configurator by Mitsubishielectric

View all CVEs affecting Cw Configurator →

Data Transfer by Mitsubishielectric

View all CVEs affecting Data Transfer →

Data Transfer Classic by Mitsubishielectric

View all CVEs affecting Data Transfer Classic →

Ezsocket by Mitsubishielectric

View all CVEs affecting Ezsocket →

Fr Configurator Sw3 by Mitsubishielectric

View all CVEs affecting Fr Configurator Sw3 →

Fr Configurator2 by Mitsubishielectric

View all CVEs affecting Fr Configurator2 →

Genesis64 by Mitsubishielectric

View all CVEs affecting Genesis64 →

Gt Got1000 by Mitsubishielectric

View all CVEs affecting Gt Got1000 →

Gt Got2000 by Mitsubishielectric

View all CVEs affecting Gt Got2000 →

Gt Softgot1000 by Mitsubishielectric

View all CVEs affecting Gt Softgot1000 →

Gt Softgot2000 by Mitsubishielectric

View all CVEs affecting Gt Softgot2000 →

Gx Developer by Mitsubishielectric

View all CVEs affecting Gx Developer →

Gx Logviewer by Mitsubishielectric

View all CVEs affecting Gx Logviewer →

Gx Works2 by Mitsubishielectric

View all CVEs affecting Gx Works2 →

Gx Works3 by Mitsubishielectric

View all CVEs affecting Gx Works3 →

Iq Works by Mitsubishielectric

View all CVEs affecting Iq Works →

Mi Configurator by Mitsubishielectric

View all CVEs affecting Mi Configurator →

Mr Configurator by Mitsubishielectric

View all CVEs affecting Mr Configurator →

Mr Configurator2 by Mitsubishielectric

View all CVEs affecting Mr Configurator2 →

Mrzjw3 Mc2 Utl Firmware by Mitsubishielectric

View all CVEs affecting Mrzjw3 Mc2 Utl Firmware →

Mx Component by Mitsubishielectric

View all CVEs affecting Mx Component →

Mx Opc Server Da\/ua by Mitsubishielectric

View all CVEs affecting Mx Opc Server Da\/ua →

Numerical Control Device Communication by Mitsubishielectric

View all CVEs affecting Numerical Control Device Communication →

Px Developer\/monitor Tool by Mitsubishielectric

View all CVEs affecting Px Developer\/monitor Tool →

Rt Toolbox3 by Mitsubishielectric

View all CVEs affecting Rt Toolbox3 →

Rt Visualbox by Mitsubishielectric

View all CVEs affecting Rt Visualbox →

Sw0dnc Mneth B Firmware by Mitsubishielectric

View all CVEs affecting Sw0dnc Mneth B Firmware →

Sw1dnc Ccbd2 B Firmware by Mitsubishielectric

View all CVEs affecting Sw1dnc Ccbd2 B Firmware →

Sw1dnc Ccief B Firmware by Mitsubishielectric

View all CVEs affecting Sw1dnc Ccief B Firmware →

Sw1dnc Ccief J Firmware by Mitsubishielectric

View all CVEs affecting Sw1dnc Ccief J Firmware →

Sw1dnc Mnetg B Firmware by Mitsubishielectric

View all CVEs affecting Sw1dnc Mnetg B Firmware →

Sw1dnc Qsccf B Firmware by Mitsubishielectric

View all CVEs affecting Sw1dnc Qsccf B Firmware →

Sw1dnd Emsdk B Firmware by Mitsubishielectric

View all CVEs affecting Sw1dnd Emsdk B Firmware →

Windriver by Jungo

View all CVEs affecting Windriver →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring physical reboot, potentially disrupting critical industrial processes or embedded systems that rely on WinDriver for hardware communication.

🟠

Likely Case

Local denial of service through system crash, requiring reboot to restore functionality. This could interrupt operations in industrial environments.

🟢

If Mitigated

Minimal impact if proper access controls prevent local users from executing malicious code or if systems are patched to version 12.1.0 or later.

🌐 Internet-Facing: LOW - This is a local privilege vulnerability requiring local access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to cause system crashes and disrupt operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the system. The vulnerability is an out-of-bounds write that can be triggered to cause a blue screen. No public proof-of-concept has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.1.0 and later

Vendor Advisory: https://jungo.com/windriver/versions/

Restart Required: Yes

Instructions:

1. Download WinDriver version 12.1.0 or later from Jungo's website. 2. Uninstall the current WinDriver version. 3. Install the updated version. 4. Reboot the system to ensure the new driver loads properly.

🔧 Temporary Workarounds

Restrict Local Access

windows

Limit local user access to systems running vulnerable WinDriver versions to reduce attack surface.

Application Whitelisting

windows

Implement application control policies to prevent unauthorized programs from executing on affected systems.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges on affected systems
  • Isolate affected systems from general user networks and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check the WinDriver version in the installed programs list or via the driver properties in Device Manager. Versions before 12.1.0 are vulnerable.

Check Version:

Check Control Panel > Programs and Features for WinDriver version, or examine driver properties in Device Manager

Verify Fix Applied:

Verify that WinDriver version 12.1.0 or later is installed and check that no older versions are present in the system.

📡 Detection & Monitoring

Log Indicators:

  • Windows System logs showing unexpected blue screen events (BugCheck codes)
  • Application logs showing WinDriver-related errors or crashes

Network Indicators:

  • No specific network indicators as this is a local vulnerability

SIEM Query:

EventID=41 OR EventID=1001 AND Source="Microsoft-Windows-Kernel-Power" OR Source="Microsoft-Windows-WER-SystemErrorReporting"

📊 Metadata

CVE ID: CVE-2023-51778
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: July 2, 2024
Last Updated: March 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-51778, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)