PT-2024-37867 · National Instruments · NI VeriStand

Kimiya · Published 2024-07-22 · Updated 2024-09-17 · CVE-2024-6793

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NI VeriStand versions prior to 2024 Q2

Description

A deserialization of untrusted data issue exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message.

Recommendations

For versions prior to 2024 Q2, update to a version newer than 2024 Q2 to resolve the issue. As a temporary workaround, consider restricting access to the DataLogging Server to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2024-6793
ZDI-24-1029

Affected Products

NI VeriStand