CVE-2024-6793

A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ni:veristand::::::::
	cpe:2.3:a:ni:veristand:2024:q2::::::

History

17 Sep 2024, 14:16

Type	Values Removed	Values Added
First Time		Ni veristand Ni
References	~~() https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html -~~	() https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html - Vendor Advisory
CPE		cpe:2.3:a:ni:veristand:2024:q2:::::: cpe:2.3:a:ni:veristand::::::::

24 Jul 2024, 12:55

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de deserialización de datos no confiables en NI VeriStand DataLogging Server que puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante envíe un mensaje especialmente manipulado. Estas vulnerabilidades afectan a NI VeriStand 2024 Q2 y versiones anteriores.

22 Jul 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-22 21:15

Updated : 2024-09-17 14:16

NVD link : CVE-2024-6793

Mitre link : CVE-2024-6793

CVE.ORG link : CVE-2024-6793

JSON object : View

Products Affected

ni

veristand

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-6793", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@ni.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-22T21:15:04.547", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html", "tags": ["Vendor Advisory"], "source": "security@ni.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Secondary", "source": "security@ni.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "A\u00a0deserialization of untrusted data\u00a0vulnerability\u00a0exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions."}, {"lang": "es", "value": " Existe una vulnerabilidad de deserializaci\u00f3n de datos no confiables en NI VeriStand DataLogging Server que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. La explotaci\u00f3n exitosa requiere que un atacante env\u00ede un mensaje especialmente manipulado. Estas vulnerabilidades afectan a NI VeriStand 2024 Q2 y versiones anteriores."}], "lastModified": "2024-09-17T14:16:08.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ni:veristand:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D02E16D-4488-493C-BA90-F73B13926EF7", "versionEndIncluding": "2024"}, {"criteria": "cpe:2.3:a:ni:veristand:2024:q2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E70C6E0E-8FEE-4B59-8D7D-152384D7C3F1"}], "operator": "OR"}]}], "sourceIdentifier": "security@ni.com"}