CVE-2024-1156

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html	Exploit Vendor Advisory
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emerson:data_record_ad::::::::
	cpe:2.3:a:emerson:flexlogger::::::::
	cpe:2.3:a:emerson:g_web_development_software::::::::
	cpe:2.3:a:emerson:labview_nxg:5.1::::community:::
	cpe:2.3:a:emerson:labview_nxg:5.1::::real-time_module:::
	cpe:2.3:a:emerson:labview_nxg:5.1::::web_module:::
	cpe:2.3:a:emerson:specification_compliance_manager::::::::
	cpe:2.3:a:emerson:static_test_software_suite::::::::
	cpe:2.3:a:emerson:sts_software_bundle::::::::
	cpe:2.3:a:emerson:systemlink_server::::::::

History

No history.

Information

Published : 2024-02-20 15:15

Updated : 2025-02-12 18:50

NVD link : CVE-2024-1156

Mitre link : CVE-2024-1156

CVE.ORG link : CVE-2024-1156

JSON object : View

Products Affected

emerson

g_web_development_software
data_record_ad
static_test_software_suite
sts_software_bundle
flexlogger
specification_compliance_manager
systemlink_server
labview_nxg

CWE

CWE-276

Incorrect Default Permissions

CWE-863

Incorrect Authorization

{"id": "CVE-2024-1156", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-20T15:15:09.910", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."}, {"lang": "es", "value": "Los permisos de directorio incorrectos para el servicio NI RabbitMQ compartido pueden permitir que un usuario autenticado local lea la informaci\u00f3n de configuraci\u00f3n de RabbitMQ y potencialmente habilitar la escalada de privilegios."}], "lastModified": "2025-02-12T18:50:02.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emerson:data_record_ad:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2267E001-7C8A-4E3C-BAA3-C4108CDC2C11", "versionEndIncluding": "2.0.1"}, {"criteria": "cpe:2.3:a:emerson:flexlogger:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A05CEECE-4F09-4875-97F5-D419044299B8", "versionEndIncluding": "2022_q3"}, {"criteria": "cpe:2.3:a:emerson:g_web_development_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C4008CF-D7BB-4400-AF25-69A468E0274F", "versionEndIncluding": "2022_q3"}, {"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "E84E23D5-04EB-4B73-B335-AD1F9ECA6166"}, {"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:real-time_module:*:*:*", "vulnerable": true, "matchCriteriaId": "25474D7C-8523-49BF-8D83-5D82A0D95FD0"}, {"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:web_module:*:*:*", "vulnerable": true, "matchCriteriaId": "06AE0E0E-8E3C-416F-97EC-308FB2953B56"}, {"criteria": "cpe:2.3:a:emerson:specification_compliance_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18B58D78-41AA-484A-A184-DFA999ED504B", "versionEndIncluding": "2023_q4"}, {"criteria": "cpe:2.3:a:emerson:static_test_software_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "338BAA7F-884C-41D8-B131-9E2C2FD46DC6", "versionEndIncluding": "1.2"}, {"criteria": "cpe:2.3:a:emerson:sts_software_bundle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B018440C-809C-4E30-9A08-AAF79D7D280E", "versionEndIncluding": "21.0"}, {"criteria": "cpe:2.3:a:emerson:systemlink_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95CF6EFB-FED4-428A-8CE5-AAE9D12A64FB", "versionEndExcluding": "2024_q1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}