CVE-2024-6793

A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ni:veristand:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:veristand:2024:q2:*:*:*:*:*:*

History

21 Nov 2024, 09:50

Type Values Removed Values Added
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html - Vendor Advisory () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html - Vendor Advisory

17 Sep 2024, 14:16

Type Values Removed Values Added
First Time Ni veristand
Ni
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html - () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html - Vendor Advisory
CPE cpe:2.3:a:ni:veristand:2024:q2:*:*:*:*:*:*
cpe:2.3:a:ni:veristand:*:*:*:*:*:*:*:*

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de deserialización de datos no confiables en NI VeriStand DataLogging Server que puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante envíe un mensaje especialmente manipulado. Estas vulnerabilidades afectan a NI VeriStand 2024 Q2 y versiones anteriores.

22 Jul 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-22 21:15

Updated : 2024-11-21 09:50


NVD link : CVE-2024-6793

Mitre link : CVE-2024-6793

CVE.ORG link : CVE-2024-6793


JSON object : View

Products Affected

ni

  • veristand
CWE
CWE-502

Deserialization of Untrusted Data