CVE-2020-25191

Name of the Vulnerable Software and Affected Versions National Instruments CompactRIO Driver versions prior to 20.5

Description The issue is related to incorrect default permissions for an API entry-point of a specific service. This allows a non-authenticated user to trigger a function that could remotely reboot the CompactRIO.

Recommendations For Driver versions prior to 20.5, update to version 20.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the API entry-point to prevent non-authenticated users from triggering the reboot function.